Report Name: Linux Patch Wednesday May 2024
Generated: 2024-06-16 00:43:13
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Kerberos | 1 | 24 | 31 | 2 | 57 | Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet | ||
AMD Processor | 0.9 | 2 | 2 | 4 | Processor | |||
Active Directory | 0.9 | 1 | 1 | Active Directory is a directory service developed by Microsoft for Windows domain networks | ||||
Apache HTTP Server | 0.9 | 2 | 13 | 14 | 5 | 34 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
GNU Bash | 0.9 | 2 | 2 | Bash is the shell, or command language interpreter, for the GNU operating system | ||||
GitLab | 0.9 | 4 | 4 | GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application | ||||
HTTP/2 | 0.9 | 1 | 1 | 4 | 6 | HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web | ||
Intel(R) Processor | 0.9 | 2 | 2 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings | ||||
Linux Kernel | 0.9 | 3 | 43 | 533 | 513 | 1092 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
Microsoft SCOM | 0.9 | 1 | 1 | System Center Operations Manager | ||||
Sudo | 0.9 | 1 | 2 | 6 | 5 | 14 | Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user | |
Windows Encrypting File System | 0.9 | 2 | 9 | 5 | 16 | Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption | ||
Windows Kernel | 0.9 | 2 | 14 | 32 | 5 | 53 | Windows Kernel | |
Windows LDAP | 0.9 | 2 | 6 | 33 | 3 | 44 | Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication | |
nghttp2 | 0.9 | 2 | 2 | 4 | nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C | |||
APT | 0.8 | 1 | 8 | 41 | 12 | 62 | A free-software user interface that works with core libraries to handle the installation and removal of software on Debian | |
ASP.NET | 0.8 | 3 | 1 | 4 | An open-source, server-side web-application framework designed for web development | |||
Adobe Reader | 0.8 | 1 | 1 | 2 | Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format files | |||
Binutils | 0.8 | 1 | 16 | 24 | 41 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | ||
Chromium | 0.8 | 4 | 7 | 31 | 42 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | ||
FreeIPA | 0.8 | 1 | 4 | 2 | 7 | FreeIPA is a free and open source identity management system | ||
GNOME desktop | 0.8 | 8 | 52 | 9 | 69 | GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems | ||
GNU C Library | 0.8 | 4 | 8 | 28 | 4 | 44 | The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library | |
Google Chrome | 0.8 | 2 | 10 | 39 | 51 | 102 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
ICMP | 0.8 | 1 | 5 | 6 | The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues | |||
Mozilla Firefox | 0.8 | 4 | 41 | 52 | 9 | 106 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
Netty | 0.8 | 3 | 3 | Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients | ||||
Node.js | 0.8 | 3 | 6 | 35 | 7 | 51 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |
OpenSSH | 0.8 | 1 | 3 | 12 | 22 | 6 | 44 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture |
OpenSSL | 0.8 | 1 | 3 | 14 | 38 | 17 | 73 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end |
PHP | 0.8 | 2 | 8 | 99 | 326 | 42 | 477 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
RPC | 0.8 | 8 | 37 | 5 | 50 | Remote Procedure Call Runtime | ||
Safari | 0.8 | 26 | 55 | 29 | 110 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | ||
Samba | 0.8 | 8 | 10 | 21 | 5 | 44 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell | |
Visual Basic for Applications | 0.8 | 1 | 1 | 2 | 4 | Visual Basic for Applications is a computer programming language developed and owned by Microsoft | ||
Webkit | 0.8 | 2 | 1 | 3 | WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS | |||
WinRAR | 0.8 | 3 | 1 | 4 | WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH | |||
Windows NTFS | 0.8 | 13 | 1 | 14 | The default file system of the Windows NT family | |||
Windows Remote Desktop Protocol | 0.8 | 1 | 1 | Windows component | ||||
Xlib | 0.8 | 1 | 1 | 2 | Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language | |||
Zoom | 0.8 | 2 | 2 | Zoom is the leader in modern enterprise video communications | ||||
libvpx | 0.8 | 2 | 6 | 8 | libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia) | |||
libwebp | 0.8 | 2 | 2 | libwebp is a code library used to render and display images in the WebP format | ||||
.NET | 0.7 | 5 | 5 | .NET | ||||
.NET and Visual Studio | 0.7 | 1 | 1 | .NET and Visual Studio | ||||
Apache Tomcat | 0.7 | 1 | 2 | 2 | 1 | 6 | Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies | |
Apache Traffic Server | 0.7 | 2 | 11 | 13 | The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid | |||
BIND | 0.7 | 1 | 17 | 29 | 8 | 55 | BIND is a suite of software for interacting with the Domain Name System | |
Babel | 0.7 | 14 | 1 | 3 | 18 | Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines | ||
Confluence | 0.7 | 1 | 1 | Confluence is a web-based corporate wiki | ||||
Curl | 0.7 | 5 | 13 | 4 | 22 | Curl is a command-line tool for transferring data specified with URL syntax | ||
ESXi | 0.7 | 3 | 3 | VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers | ||||
FFmpeg | 0.7 | 8 | 17 | 100 | 3 | 128 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
Kubernetes | 0.7 | 6 | 4 | 10 | Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management | |||
MariaDB | 0.7 | 1 | 1 | 2 | MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License | |||
MediaWiki | 0.7 | 7 | 81 | 32 | 120 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | ||
Oracle MySQL | 0.7 | 1 | 1 | MySQL is an open-source relational database management system | ||||
Point-to-Point Tunneling Protocol | 0.7 | 1 | 1 | 2 | The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks | |||
QEMU | 0.7 | 5 | 32 | 4 | 41 | QEMU is a generic and open source machine & userspace emulator and virtualizer | ||
SQLite | 0.7 | 5 | 10 | 2 | 17 | SQLite is a database engine written in the C programming language | ||
Struts | 0.7 | 1 | 1 | Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON | ||||
VMware Tools | 0.7 | 1 | 1 | VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems | ||||
Windows Security Center | 0.7 | 1 | 1 | Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems | ||||
iOS | 0.7 | 17 | 21 | 6 | 44 | iOS is an operating system developed and marketed by Apple Inc | ||
macOS | 0.7 | 2 | 1 | 3 | macOS is an operating system developed and marketed by Apple Inc | |||
vim | 0.7 | 6 | 6 | 1 | 13 | Vim is a free and open-source, screen-based text editor program | ||
Apache ActiveMQ | 0.6 | 1 | 1 | 5 | 3 | 10 | Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client | |
Bouncy Castle | 0.6 | 3 | 6 | 9 | Bouncy Castle is a collection of APIs used in cryptography | |||
DirectX | 0.6 | 2 | 2 | DirectX | ||||
Eclipse Mosquitto | 0.6 | 3 | 2 | 5 | Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines | |||
Exim | 0.6 | 1 | 12 | 4 | 17 | Exim is a mail transfer agent (MTA) used on Unix-like operating systems | ||
FreeRDP | 0.6 | 5 | 1 | 7 | 13 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license | ||
ImageMagick | 0.6 | 2 | 62 | 7 | 71 | ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images | ||
Internet Explorer | 0.6 | 1 | 13 | 1 | 15 | Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft | ||
Jetty | 0.6 | 1 | 1 | 1 | 3 | Jetty is a Java based web server and servlet engine | ||
Microsoft Excel | 0.6 | 1 | 1 | MS Office product | ||||
Microsoft Word | 0.6 | 1 | 1 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | ||||
Nokogiri | 0.6 | 2 | 2 | Nokogiri is an open source XML and HTML library for the Ruby programming language | ||||
Oracle Java SE | 0.6 | 5 | 3 | 8 | Oracle Java SE | |||
Perl | 0.6 | 1 | 52 | 370 | 194 | 617 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
Puma | 0.6 | 1 | 1 | Puma is a Ruby/Rack web server built for parallelism | ||||
Python | 0.6 | 22 | 70 | 43 | 135 | Python is a high-level, general-purpose programming language | ||
ReadyMedia | 0.6 | 4 | 4 | ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients | ||||
Redis | 0.6 | 2 | 1 | 7 | 5 | 15 | Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability | |
Roundcube | 0.6 | 1 | 6 | 17 | 6 | 30 | Roundcube is a web-based IMAP email client | |
Wireshark | 0.6 | 14 | 139 | 43 | 196 | Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education | ||
libxml2 | 0.6 | 3 | 2 | 5 | libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project | |||
ownCloud | 0.6 | 2 | 1 | 3 | ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios | |||
pgAdmin | 0.6 | 1 | 1 | pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world | ||||
tiffcrop | 0.6 | 2 | 2 | 4 | Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s) | |||
wpa_supplicant | 0.6 | 1 | 4 | 1 | 6 | wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku | ||
7-Zip | 0.5 | 4 | 4 | 7-Zip is a file archiver with a high compression ratio | ||||
CNG | 0.5 | 1 | 1 | CNG | ||||
Cacti | 0.5 | 19 | 30 | 32 | 81 | Cacti is an open source operational monitoring and fault management framework | ||
DNSSEC | 0.5 | 4 | 6 | 10 | The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups | |||
Docker | 0.5 | 1 | 8 | 7 | 16 | Docker | ||
FRRouting | 0.5 | 3 | 4 | 7 | Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD | |||
Flask | 0.5 | 2 | 2 | 4 | Flask is a lightweight WSGI web application framework | |||
GDI | 0.5 | 1 | 5 | 2 | 8 | GDI | ||
Group Policy | 0.5 | 1 | 1 | Group Policy | ||||
HID | 0.5 | 3 | 7 | 13 | 23 | HID | ||
KeePass | 0.5 | 2 | 1 | 3 | KeePass is a free open source password manager, which helps you to manage your passwords in a secure way | |||
LNK | 0.5 | 3 | 3 | 6 | LNK | |||
Layer 2 Tunneling Protocol | 0.5 | 1 | 1 | Layer 2 Tunneling Protocol | ||||
Libarchive | 0.5 | 1 | 10 | 1 | 12 | Multi-format archive and compression library | ||
NetBIOS | 0.5 | 1 | 1 | NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN) | ||||
NumPy | 0.5 | 1 | 2 | 3 | NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions | |||
Openfire | 0.5 | 1 | 1 | Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License | ||||
Scripting Engine | 0.5 | 1 | 1 | 2 | Scripting Engine | |||
TLS | 0.5 | 10 | 37 | 50 | 97 | TLS | ||
TLS/SSL | 0.5 | 2 | 2 | TLS/SSL | ||||
TRIE | 0.5 | 1 | 33 | 12 | 46 | TRIE | ||
VBScript | 0.5 | 1 | 1 | VBScript | ||||
WEBDAV | 0.5 | 1 | 1 | WEBDAV | ||||
Werkzeug | 0.5 | 1 | 1 | Werkzeug is a comprehensive WSGI web application library | ||||
Word PDF | 0.5 | 1 | 1 | Word PDF | ||||
Xrdp | 0.5 | 4 | 4 | xrdp is an open source remote desktop protocol server | ||||
libjpeg | 0.5 | 13 | 7 | 20 | libjpeg | |||
nginx | 0.5 | 7 | 5 | 1 | 13 | Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache | ||
ntopng | 0.5 | 2 | 3 | 1 | 6 | ntopng is an open-source computer software for monitoring traffic on a computer network | ||
spip | 0.5 | 2 | 2 | 4 | SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing | |||
Azure | 0.4 | 3 | 3 | Azure | ||||
Flatpak | 0.4 | 1 | 1 | 2 | Flatpak is a utility for software deployment and package management for Linux | |||
GPAC | 0.4 | 26 | 73 | 36 | 135 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | ||
Git | 0.4 | 13 | 60 | 37 | 110 | Git | ||
LLDP | 0.4 | 1 | 1 | LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol) | ||||
Artifex Ghostscript | 0.3 | 8 | 1 | 9 | Artifex Ghostscript is an interpreter for the PostScript® language and PDF files | |||
Visual Studio | 0.3 | 1 | 1 | Integrated development environment | ||||
Unknown Product | 0 | 10 | 406 | 2489 | 3537 | 6442 | Unknown Product |
Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 5 | 88 | 415 | 1048 | 36 | 1592 |
Authentication Bypass | 0.98 | 1 | 4 | 22 | 67 | 2 | 96 |
Code Injection | 0.97 | 2 | 2 | 21 | 20 | 45 | |
Command Injection | 0.97 | 2 | 30 | 47 | 79 | ||
XXE Injection | 0.97 | 1 | 5 | 23 | 29 | ||
Arbitrary File Writing | 0.95 | 12 | 188 | 43 | 243 | ||
Security Feature Bypass | 0.9 | 1 | 5 | 45 | 146 | 3 | 200 |
Elevation of Privilege | 0.85 | 2 | 8 | 82 | 3 | 95 | |
Arbitrary File Reading | 0.83 | 7 | 49 | 12 | 68 | ||
Information Disclosure | 0.83 | 43 | 283 | 53 | 379 | ||
Cross Site Scripting | 0.8 | 92 | 458 | 135 | 685 | ||
Open Redirect | 0.75 | 14 | 2 | 16 | |||
Denial of Service | 0.7 | 7 | 228 | 1531 | 825 | 2591 | |
Path Traversal | 0.7 | 1 | 17 | 52 | 36 | 106 | |
Incorrect Calculation | 0.5 | 1 | 3 | 49 | 27 | 80 | |
Memory Corruption | 0.5 | 17 | 98 | 588 | 420 | 1123 | |
Spoofing | 0.4 | 2 | 5 | 5 | 12 | ||
Unknown Vulnerability Type | 0 | 2 | 81 | 740 | 3214 | 4037 |
Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
almalinux | 5 | 8 | 43 | 58 | 114 | |
debian | 9 | 131 | 1125 | 5371 | 4802 | 11438 |
oraclelinux | 5 | 8 | 48 | 62 | 123 | |
redhat | 5 | 9 | 52 | 65 | 131 | |
redos | 7 | 15 | 57 | 24 | 103 | |
ubuntu | 11 | 9 | 180 | 213 | 413 |
1. Remote Code Execution - Apache HTTP Server (CVE-2021-42013) - Urgent [864]
Description: It was found that the fix for CVE-2021-41773 in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-42013 was patched at 2024-05-15
2. Code Injection - PHP (CVE-2017-9841) - Urgent [842]
Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.97 | 15 | Code Injection |
| | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-9841 was patched at 2024-05-15
3. Remote Code Execution - Apache HTTP Server (CVE-2021-41773) - Urgent [840]
Description: A flaw was found in a change made to path normalization in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, AttackerKB object, CISA object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet |
| | 0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-41773 was patched at 2024-05-15
4. Remote Code Execution - Google Chrome (CVE-2021-30632) - Urgent [835]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30632 was patched at 2024-05-15
5. Remote Code Execution - Apache Tomcat (CVE-2022-22965) - Urgent [830]
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), BDU websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.7 | 14 | Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2022-22965 was patched at 2024-05-15
6. Remote Code Execution - OpenSSL (CVE-2010-0742) - Urgent [823]
Description: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL CMS structure handling memory corruption vulnerability, [seebug] OpenSSL Cryptographic Message Syntax "OriginatorInfo" Vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end |
| | 0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2010-0742 was patched at 2024-05-15
7. Code Injection - PHP (CVE-2009-1151) - Urgent [818]
Description: Static
debian: CVE-2009-1151 was patched at 2024-05-15
8. Security Feature Bypass - Google Chrome (CVE-2021-21220) - Urgent [817]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution, [githubexploit] Exploit for Out-of-bounds Write in Google Chrome, [zdt] Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution Exploit, [seebug] Chrome remote code execution vulnerability (CVE-2021-21220)) |
| | 0.9 | 15 | Security Feature Bypass |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-21220 was patched at 2024-05-15
9. Authentication Bypass - OpenSSH (CVE-2019-6110) - Urgent [808]
Description: In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OpenSSH SCP Client - Write Arbitrary Files Exploit, [zdt] OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit, [packetstorm] SSHtranger Things SCP Client File Issue, [exploitpack] OpenSSH SCP Client - Write Arbitrary Files, [exploitpack] SCP Client - Multiple Vulnerabilities (SSHtranger Things), [exploitdb] SCP Client - Multiple Vulnerabilities (SSHtranger Things), [exploitdb] OpenSSH SCP Client - Write Arbitrary Files) |
| | 0.98 | 15 | Authentication Bypass |
| | 0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture |
| | 0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2019-6110 was patched at 2024-05-15
10. Security Feature Bypass - Apache ActiveMQ (CVE-2016-3088) - Critical [796]
Description: The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.9 | 15 | Security Feature Bypass |
| | 0.6 | 14 | Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2016-3088 was patched at 2024-05-15
11. Security Feature Bypass - Google Chrome (CVE-2021-30533) - Critical [794]
Description: Insufficient policy enforcement in PopupBlocker in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.9 | 15 | Security Feature Bypass |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30533 was patched at 2024-05-15
12. Elevation of Privilege - BIND (CVE-2020-0041) - Critical [780]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object, cisa_kev object, cisa_kev object) website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Input Validation in Google Android) |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2020-0041 was patched at 2024-05-15
13. Denial of Service - Node.js (CVE-2015-8858) - Critical [770]
Description: The uglify-js package before 2.6.0 for
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.7 | 15 | Denial of Service |
| | 0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more |
| | 0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2015-8858 was patched at 2024-05-15
14. Memory Corruption - Google Chrome (CVE-2021-30633) - Critical [758]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 1.0 | 10 | CVSS Base Score is 9.6. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30633 was patched at 2024-05-15
15. Memory Corruption - nghttp2 (CVE-2024-27983) - Critical [751]
Description: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-27983) |
| | 0.5 | 15 | Memory Corruption |
| | 0.9 | 14 | nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C |
| | 0.8 | 10 | CVSS Base Score is 8.2. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
almalinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20
debian: CVE-2024-27983 was patched at 2024-05-15
oraclelinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22
redhat: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-29, 2024-06-03
redos: CVE-2024-27983 was patched at 2024-04-25
16. Memory Corruption - Google Chrome (CVE-2021-21206) - Critical [746]
Description: Use after free in Blink in
Component | Value | Weight | Comment |
---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-21206 was patched at 2024-05-15
17. Memory Corruption - Google Chrome (CVE-2021-30551) - Critical [746]
Description: Type confusion in V8 in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Type Confusion in Google Chrome) | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30551 was patched at 2024-05-15
18. Memory Corruption - Google Chrome (CVE-2021-30563) - Critical [746]
Description: Type Confusion in V8 in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30563 was patched at 2024-05-15
19. Path Traversal - Openfire (CVE-2023-32315) - Critical [720]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object) website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Path Traversal | |
0.5 | 14 | Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
redos: CVE-2023-32315 was patched at 2024-05-03
20. Memory Corruption - Babel (CVE-2022-26127) - Critical [717]
Description: A
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.7 | 14 | Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-26127 was patched at 2024-05-15
ubuntu: CVE-2022-26127 was patched at 2024-06-05
21. Memory Corruption - Babel (CVE-2022-26128) - Critical [717]
Description: A
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.7 | 14 | Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-26128 was patched at 2024-05-15
ubuntu: CVE-2022-26128 was patched at 2024-06-05
22. Memory Corruption - Babel (CVE-2022-26129) - Critical [717]
Description: Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.7 | 14 | Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-26129 was patched at 2024-05-15
ubuntu: CVE-2022-26129 was patched at 2024-06-05
23. Denial of Service - HTTP/2 (CVE-2023-45288) - Critical [691]
Description: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2023-45288) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
almalinux: CVE-2023-45288 was patched at 2024-04-23, 2024-04-29, 2024-04-30, 2024-05-06, 2024-05-07, 2024-05-22, 2024-05-23
debian: CVE-2023-45288 was patched at 2024-05-15
oraclelinux: CVE-2023-45288 was patched at 2024-04-23, 2024-05-07, 2024-05-08, 2024-05-29
redhat: CVE-2023-45288 was patched at 2024-04-23, 2024-04-26, 2024-04-29, 2024-04-30, 2024-05-02, 2024-05-06, 2024-05-07, 2024-05-09, 2024-05-20, 2024-05-21, 2024-05-22, 2024-05-23, 2024-05-29
redos: CVE-2023-45288 was patched at 2024-04-22
24. Remote Code Execution - Unknown Product (CVE-2016-4437) - Critical [690]
Description: Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object) website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Apache Shiro 1.2.4 Remote Code Execution, [zdt] Apache Shiro 1.2.4 Remote Code Execution Exploit) | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 8.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-4437 was patched at 2024-05-15
25. Remote Code Execution - Unknown Product (CVE-2019-17558) - Critical [690]
Description: Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object) website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Injection in Apache Solr, [githubexploit] Exploit for Injection in Apache Solr, [githubexploit] Exploit for Injection in Apache Solr, [zdt] Apache Solr 8.3.0 Velocity Template Remote Code Execution Exploit, [packetstorm] Apache Solr 8.3.0 Velocity Template Remote Code Execution) | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-17558 was patched at 2024-05-15
26. Remote Code Execution - Unknown Product (CVE-2021-33035) - Critical [690]
Description: Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-33035 was patched at 2024-05-15
27. Remote Code Execution - Unknown Product (CVE-2022-25942) - Critical [690]
Description: An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-25942 was patched at 2024-05-15
28. Remote Code Execution - Unknown Product (CVE-2022-25972) - Critical [690]
Description: An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-25972 was patched at 2024-05-15
29. Remote Code Execution - Unknown Product (CVE-2022-26061) - Critical [690]
Description: A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-26061 was patched at 2024-05-15
30. Security Feature Bypass - Chromium (CVE-2024-3838) - Critical [680]
Description: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-3838 was patched at 2024-04-20, 2024-05-15
redos: CVE-2024-3838 was patched at 2024-05-03
31. Denial of Service - GNU C Library (CVE-2024-2961) - Critical [675]
Description: The iconv() function in the
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-2961, [githubexploit] Exploit for CVE-2024-2961, [githubexploit] Exploit for CVE-2024-2961) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
almalinux: CVE-2024-2961 was patched at 2024-05-07, 2024-05-22, 2024-05-23
debian: CVE-2024-2961 was patched at 2024-04-23, 2024-05-15
oraclelinux: CVE-2024-2961 was patched at 2024-05-08, 2024-05-29, 2024-06-05
redhat: CVE-2024-2961 was patched at 2024-05-07, 2024-05-09, 2024-05-22, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04
redos: CVE-2024-2961 was patched at 2024-05-03
ubuntu: CVE-2024-2961 was patched at 2024-04-18, 2024-04-29, 2024-05-02
32. Security Feature Bypass - Unknown Product (CVE-2020-35380) - Critical [672]
Description: GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-35380 was patched at 2024-05-15
33. Denial of Service - Binutils (CVE-2017-16829) - Critical [669]
Description: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-16829 was patched at 2024-05-15
34. Unknown Vulnerability Type - Node.js (CVE-2015-8857) - Critical [669]
Description: The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2015-8857 was patched at 2024-05-15
35. Denial of Service - nghttp2 (CVE-2024-28182) - Critical [650]
Description: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C | |
0.5 | 10 | CVSS Base Score is 5.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
almalinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-30
debian: CVE-2024-28182 was patched at 2024-05-15
oraclelinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22
redhat: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-30, 2024-06-03, 2024-06-06
redos: CVE-2024-28182 was patched at 2024-05-07
ubuntu: CVE-2024-28182 was patched at 2024-04-25, 2024-05-07
36. Unknown Vulnerability Type - Linux Kernel (CVE-2013-6282) - Critical [650]
Description: The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object) website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux ARM - Local Root Exploit, [zdt] Android get_user/put_user Exploit, [packetstorm] Android get_user/put_user Exploit, [metasploit] Android get_user/put_user Exploit, [exploitpack] Linux Kernel 3.4.5 (Android 4.2.24.4 ARM) - Local Privilege Escalation, [exploitdb] Google Android - get_user/put_user (Metasploit), [exploitdb] Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation) | |
0 | 15 | Unknown Vulnerability Type | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.7 | 10 | CVSS Base Score is 7.2. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-6282 was patched at 2024-05-15
37. Memory Corruption - Chromium (CVE-2024-3834) - Critical [645]
Description: Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-3834 was patched at 2024-04-20, 2024-05-15
redos: CVE-2024-3834 was patched at 2024-05-03
38. Memory Corruption - Google Chrome (CVE-2021-30549) - Critical [645]
Description: Use after free in Spell check in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30549 was patched at 2024-05-15
39. Memory Corruption - Google Chrome (CVE-2021-30554) - Critical [645]
Description: Use after free in WebGL in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30554 was patched at 2024-05-15
40. Memory Corruption - Chromium (CVE-2024-4671) - Critical [639]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-4671 was patched at 2024-05-10, 2024-05-15
41. Remote Code Execution - Windows Kernel (CVE-2008-2430) - Critical [638]
Description: Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player WAV File Buffer Overflow Vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Windows Kernel | |
0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-2430 was patched at 2024-05-15
42. Denial of Service - Unknown Product (CVE-2020-36066) - Critical [636]
Description: GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-36066 was patched at 2024-05-15
43. Remote Code Execution - GNU C Library (CVE-2002-0391) - Critical [633]
Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: TTDB_XDRARRAY, [canvas] Immunity Canvas: CMSD_XDRARRAY) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2002-0391 was patched at 2024-05-15
44. Remote Code Execution - GNU C Library (CVE-2014-9984) - Critical [633]
Description: nscd in the GNU C Library (aka
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Cisco Device Hardcoded Credentials / GNU glibc / BusyBox, [packetstorm] WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-9984 was patched at 2024-05-15
ubuntu: CVE-2014-9984 was patched at 2024-05-02
45. Remote Code Execution - Google Chrome (CVE-2012-2864) - Critical [633]
Description: Mesa, as used in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Chrome OS Remote Code Execution Vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-2864 was patched at 2024-05-15
46. Remote Code Execution - Google Chrome (CVE-2020-6572) - Critical [633]
Description: Use after free in Media in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-6572 was patched at 2024-05-15
47. Remote Code Execution - Mozilla Firefox (CVE-2009-3377) - Critical [633]
Description: Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox Multiple Memory Corruption Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-3377 was patched at 2024-05-15
48. Remote Code Execution - OpenSSL (CVE-2022-2274) - Critical [633]
Description: The
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Openssl) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-2274 was patched at 2024-05-15
49. Remote Code Execution - PHP (CVE-2021-32708) - Critical [633]
Description: Flysystem is an open source file storage library for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([srcincite] SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-32708 was patched at 2024-05-15
50. Remote Code Execution - PHP (CVE-2023-24813) - Critical [633]
Description: Dompdf is an HTML to PDF converter written in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Authorization in Dompdf Project Dompdf, [githubexploit] Exploit for Incorrect Authorization in Dompdf Project Dompdf) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2023-24813 was patched at 2024-05-15
51. Remote Code Execution - PHP (CVE-2023-28115) - Critical [633]
Description: Snappy is a
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2023-28115 was patched at 2024-05-15
52. Remote Code Execution - Samba (CVE-2002-1318) - Critical [633]
Description: Buffer overflow in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow Exploit) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
| | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2002-1318 was patched at 2024-05-15
53. Remote Code Execution - Samba (CVE-2003-0085) - Critical [633]
Description: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: SAMBA_NTTRANS, [packetstorm] Samba nttrans Overflow) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
| | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2003-0085 was patched at 2024-05-15
54. Remote Code Execution - Samba (CVE-2003-0196) - Critical [633]
Description: Multiple buffer overflows in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [packetstorm] Samba trans2open Overflow (Solaris SPARC), [packetstorm] Samba trans2open Overflow, [packetstorm] Samba trans2open Overflow (Mac OS X), [canvas] Immunity Canvas: SAMBA_TRANS2) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
| | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2003-0196 was patched at 2024-05-15
55. Remote Code Execution - Samba (CVE-2003-0201) - Critical [633]
Description: Buffer overflow in the call_trans2open function in trans2.c for
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [packetstorm] Samba trans2open Overflow (Solaris SPARC), [packetstorm] Samba trans2open Overflow, [packetstorm] Samba trans2open Overflow (Mac OS X), [canvas] Immunity Canvas: SAMBA_TRANS2) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
| | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2003-0201 was patched at 2024-05-15
56. Remote Code Execution - Samba (CVE-2004-0600) - Critical [633]
Description: Buffer overflow in the
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] sambaPoC.txt) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
| | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2004-0600 was patched at 2024-05-15
57. Command Injection - Node.js (CVE-2019-10061) - Critical [627]
Description: utils/find-opencv.js in node-opencv (aka OpenCV bindings for
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Node-Opencv Project Node-Opencv) |
| | 0.97 | 15 | Command Injection |
| | 0.8 | 14 | Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2019-10061 was patched at 2024-05-15
58. Remote Code Execution - Linux Kernel (CVE-2008-4395) - Critical [626]
Description: Multiple buffer overflows in the ndiswrapper module 1.53 for the
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel ndiswrapper module remote overflow vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
| | 0.8 | 10 | CVSS Base Score is 8.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2008-4395 was patched at 2024-05-15
59. Remote Code Execution - Windows Kernel (CVE-2021-40826) - Critical [626]
Description: Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.9 | 14 | Windows Kernel |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-40826 was patched at 2024-05-15
60. Remote Code Execution - Windows LDAP (CVE-2006-3747) - Critical [626]
Description: Off-by-one error in the
debian: CVE-2006-3747 was patched at 2024-05-15
61. Memory Corruption - Unknown Product (CVE-2023-47212) - Critical [625]
Description: A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0 | 14 | Unknown Product |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2023-47212 was patched at 2024-05-15
62. Memory Corruption - FreeRDP (CVE-2024-32041) - Critical [623]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.6 | 14 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2024-32041 was patched at 2024-05-15
ubuntu: CVE-2024-32041 was patched at 2024-04-24
63. Memory Corruption - FreeRDP (CVE-2024-32458) - Critical [623]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.6 | 14 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2024-32458 was patched at 2024-05-15
ubuntu: CVE-2024-32458 was patched at 2024-04-24
64. Memory Corruption - FreeRDP (CVE-2024-32459) - Critical [623]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
| | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.6 | 14 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2024-32459 was patched at 2024-05-15
ubuntu: CVE-2024-32459 was patched at 2024-04-24
65. Remote Code Execution - Google Chrome (CVE-2021-30526) - Critical [621]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30526 was patched at 2024-05-15
66. Remote Code Execution - Mozilla Firefox (CVE-2009-3378) - Critical [621]
Description: The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox multiple memory corruption vulnerabilities) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2009-3378 was patched at 2024-05-15
67. Remote Code Execution - Mozilla Firefox (CVE-2010-1028) - Critical [621]
Description: Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Mozilla Firefox 3.6 - Integer Overflow Exploit, [seebug] Mozilla Firefox 3.6 WOFF decoder integer overflow vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2010-1028 was patched at 2024-05-15
68. Remote Code Execution - PHP (CVE-2018-14857) - Critical [621]
Description: Unrestricted file upload (with
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OCS Inventory NG Webconsole Shell Upload, [zdt] OCS Inventory NG Webconsole Shell Upload Vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2018-14857 was patched at 2024-05-15
69. Remote Code Execution - Safari (CVE-2008-2307) - Critical [621]
Description: Unspecified vulnerability in WebKit in Apple
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari memory corruption vulnerability, [seebug] Apple Safari WebKit JavaScript array remote overflow vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2008-2307 was patched at 2024-05-15
70. Remote Code Execution - Safari (CVE-2009-1686) - Critical [621]
Description: WebKit in Apple
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0 multiple security vulnerabilities) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1686 was patched at 2024-05-15
71. Remote Code Execution - Safari (CVE-2009-1701) - Critical [621]
Description: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0 multiple security vulnerabilities) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1701 was patched at 2024-05-15
72. Remote Code Execution - Safari (CVE-2009-1711) - Critical [621]
Description: WebKit in Apple
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0 multiple security vulnerabilities) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1711 was patched at 2024-05-15
73. Remote Code Execution - Safari (CVE-2009-1712) - Critical [621]
Description: WebKit in Apple
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0 multiple security vulnerabilities) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1712 was patched at 2024-05-15
74. Remote Code Execution - Safari (CVE-2017-2505) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JSC BindingNode::bindValue Failed Reference Count Increase, [seebug] WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count(CVE-2017-2505)) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2505 was patched at 2024-05-15
75. Remote Code Execution - Safari (CVE-2017-2514) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit WebCore::FrameView::scheduleRelayout Use-After-Free, [zdt] Apple WebKit / Safari 10.0.3(12602.4.8) - WebCore::FrameView::scheduleRelayout Use-After-Free Exploi, [seebug] WebKit WebCore::FrameView::scheduleRelayout Use-After-Free(CVE-2017-2514)) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2514 was patched at 2024-05-15
76. Remote Code Execution - Safari (CVE-2017-2515) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - Stealing Variables via Page Navigation in FrameLoader::clear Exploit, [packetstorm] WebKit FrameLoader::clear Variable Theft) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2515 was patched at 2024-05-15
77. Remote Code Execution - Safari (CVE-2017-2521) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC JSObject::ensureLength Failure Check Vulnerability, [seebug] WebKit Unspecified Memory Corruption Vulnerability(CVE-2017-2521), [packetstorm] WebKit JSC JSObject::ensureLength Failure Check) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2521 was patched at 2024-05-15
78. Remote Code Execution - Safari (CVE-2017-2531) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check(CVE-2017-2531), [packetstorm] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check, [zdt] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check Vulnerability) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2531 was patched at 2024-05-15
79. Remote Code Execution - Safari (CVE-2017-2536) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution Exploit, [seebug] Exploiting an integer overflow with array spreading (WebKit)) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2536 was patched at 2024-05-15
80. Remote Code Execution - Safari (CVE-2017-2547) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JSC Jit Optimization Check Failure, [zdt] WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock Exploit) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2547 was patched at 2024-05-15
81. Remote Code Execution - Safari (CVE-2017-6980) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices Exploit, [packetstorm] WebKit JSC arrayProtoFuncSplice Initialization Fail) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-6980 was patched at 2024-05-15
82. Remote Code Execution - Safari (CVE-2017-6984) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales Exploit, [packetstorm] WebKit JSC Intl.getCanonicalLocales Heap Buffer Overflow) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-6984 was patched at 2024-05-15
83. Remote Code Execution - Safari (CVE-2017-7040) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit: use-after-free in WebCore::getCachedWrapper(CVE-2017-7040), [packetstorm] WebKit WebCore::getCachedWrapper Use-After-Free, [zdt] WebKit - WebCore::getCachedWrapper Use-After-Free Exploit) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-7040 was patched at 2024-05-15
84. Remote Code Execution - Safari (CVE-2017-7041) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::Node::getFlag Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::Node::getFlag(CVE-2017-7041), [packetstorm] WebKit WebCore::Node::getFlag Use-After-Free) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-7041 was patched at 2024-05-15
85. Remote Code Execution - Safari (CVE-2017-7042) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::InputType::element Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::InputType::element(CVE-2017-7042), [packetstorm] WebKit WebCore::InputType::element Use-After-Free) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-7042 was patched at 2024-05-15
86. Remote Code Execution - Safari (CVE-2017-7043) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free, [zdt] WebKit - WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::AccessibilityRenderObject::handleAriaExpandedChanged(CVE-2017-7043)) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-7043 was patched at 2024-05-15
87. Remote Code Execution - Safari (CVE-2017-7049) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected.
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow Exploit, [seebug] WebKit: heap-buffer-overflow in WebCore::RenderSearchField::addSearchResult(CVE-2017-7049), [packetstorm] WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2017-7049 was patched at 2024-05-15
88. Remote Code Execution - Safari (CVE-2017-7081) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 11 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and visionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. On Debian the affected package is WebKitGTK, which embeds the same WebKit engine. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-7081 was patched at 2024-05-15
89. Remote Code Execution - Safari (CVE-2017-7094) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 11 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and visionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. On Debian the affected package is WebKitGTK, which embeds the same WebKit engine. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-7094 was patched at 2024-05-15
90. Remote Code Execution - Safari (CVE-2017-7099) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 11 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and visionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. On Debian the affected package is WebKitGTK, which embeds the same WebKit engine. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-7099 was patched at 2024-05-15
91. Remote Code Execution - Safari (CVE-2018-4089) - Critical [621]
Description: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - detachWrapper Use-After-Free Exploit, [zdt] WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and visionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. On Debian the affected package is WebKitGTK, which embeds the same WebKit engine. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-4089 was patched at 2024-05-15
92. Remote Code Execution - Samba (CVE-2009-1886) - Critical [621]
Description: Multiple format string vulnerabilities in client/client.c in smbclient in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba format string and security bypass vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell | |
0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-1886 was patched at 2024-05-15
93. Remote Code Execution - rdesktop (CVE-2008-1802) - Critical [621]
Description: Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] rdesktoppdu-overflow.txt, [seebug] rdesktop multiple buffer overflow vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | rdesktop is an open-source client for the Remote Desktop Protocol (RDP) on Unix-like systems; the overflow is in the client, not in a Windows component | |
0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-1802 was patched at 2024-05-15
94. Authentication Bypass - OpenSSH (CVE-2006-5794) - Critical [617]
Description: Unspecified vulnerability in the sshd Privilege Separation Monitor in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-5794 was patched at 2024-05-15
95. Remote Code Execution - Open Babel (CVE-2022-41793) - Critical [616]
Description: An out-of-bounds write vulnerability exists in the CSR format title functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-41793 was patched at 2024-05-15
96. Remote Code Execution - Open Babel (CVE-2022-42885) - Critical [616]
Description: A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-42885 was patched at 2024-05-15
97. Remote Code Execution - Open Babel (CVE-2022-43467) - Critical [616]
Description: An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-43467 was patched at 2024-05-15
98. Remote Code Execution - Open Babel (CVE-2022-44451) - Critical [616]
Description: A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-44451 was patched at 2024-05-15
99. Remote Code Execution - Open Babel (CVE-2022-46280) - Critical [616]
Description: A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46280 was patched at 2024-05-15
100. Remote Code Execution - Open Babel (CVE-2022-46289) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46289 was patched at 2024-05-15
101. Remote Code Execution - Open Babel (CVE-2022-46290) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46290 was patched at 2024-05-15
102. Remote Code Execution - Open Babel (CVE-2022-46292) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46292 was patched at 2024-05-15
103. Remote Code Execution - Open Babel (CVE-2022-46293) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46293 was patched at 2024-05-15
104. Remote Code Execution - Open Babel (CVE-2022-46294) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46294 was patched at 2024-05-15
105. Remote Code Execution - Open Babel (CVE-2022-46295) - Critical [616]
Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Open Babel is a free and open-source chemistry toolbox for reading, writing and converting chemical file formats; the flaw is in one of its file-format parsers | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-46295 was patched at 2024-05-15
106. Remote Code Execution - FFmpeg (CVE-2009-4633) - Critical [616]
Description: vorbis_dec.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media-file parsing denial of service and code execution vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-4633 was patched at 2024-05-15
107. Remote Code Execution - FFmpeg (CVE-2009-4634) - Critical [616]
Description: Multiple integer underflows in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media-file parsing denial of service and code execution vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-4634 was patched at 2024-05-15
108. Remote Code Execution - FFmpeg (CVE-2009-4637) - Critical [616]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media-file parsing denial of service and code execution vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-4637 was patched at 2024-05-15
109. Remote Code Execution - FFmpeg (CVE-2016-10192) - Critical [616]
Description: Heap-based buffer overflow in ffserver.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg Heap Overflow vulnerability (CVE-2016-10190)) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-10192 was patched at 2024-05-15
110. Security Feature Bypass - Laravel Framework (CVE-2021-43617) - Critical [615]
Description: Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Laravel is a free and open-source PHP web application framework; the missing check is in its upload validation rules (Illuminate/Validation), not in the PHP interpreter itself | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-43617 was patched at 2024-05-15
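The description of entry 110 names the mechanism exactly: the validator refused the extensions it knew as PHP but not .phar, while Debian's libapache2-mod-php ships a FilesMatch rule (`.+\.ph(ar|p|tml)$`) that hands .phar files to the PHP handler, so an upload that passed validation ran as code. The Python below is an added example, not Laravel's code: it places a deny-list check shaped like the behaviour described next to a hardened allow-list check that also refuses anything matching the Debian handler rule. The deny-list contents and the sample file names are constructed for the illustration; the handler regex is matched case-insensitively here, which is stricter than Apache's case-sensitive default.

```python
"""Weak vs hardened upload-name validation for the CVE-2021-43617 pattern (added example)."""
import re
from pathlib import PurePosixPath

# Debian's libapache2-mod-php handler rules (mods-available/php*.conf):
#   <FilesMatch ".+\.ph(ar|p|tml)$">  SetHandler application/x-httpd-php
#   <FilesMatch ".+\.phps$">          SetHandler application/x-httpd-php-source
# Matched case-insensitively here to stay on the conservative side.
DEBIAN_PHP_HANDLER = re.compile(r".+\.ph(ar|p|tml)$", re.IGNORECASE)
DEBIAN_PHP_SOURCE_HANDLER = re.compile(r".+\.phps$", re.IGNORECASE)


def matches_debian_php_handler(filename):
    """True if the name matches a rule that routes the file to PHP (or shows its source)."""
    return bool(DEBIAN_PHP_HANDLER.search(filename) or DEBIAN_PHP_SOURCE_HANDLER.search(filename))


# Weak check, shaped like the pre-fix behaviour in the CVE text: a deny-list of PHP
# extensions that happens to omit "phar". Constructed for illustration, not Laravel's list.
WEAK_DENYLIST = {"php", "phtml", "php3", "php4", "php5", "phps"}


def weak_is_allowed(filename):
    ext = PurePosixPath(filename).suffix.lower().lstrip(".")
    return ext not in WEAK_DENYLIST


# Hardened check: an allow-list of the extensions the endpoint actually expects, plus an
# independent refusal of anything the web server would execute, so a forgotten entry in a
# deny-list can never reopen the hole.
IMAGE_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}


def hardened_is_allowed(filename, allowed=IMAGE_EXTENSIONS):
    name = filename.strip().rstrip(".")  # "shell.phar." would otherwise have an empty suffix
    if "/" in name or "\\" in name or name.startswith("."):
        return False
    ext = PurePosixPath(name).suffix.lower().lstrip(".")
    if ext not in allowed:
        return False
    return not matches_debian_php_handler(name)


def escapes_weak_check(filenames):
    """Names the weak check accepts but the hardened check rejects."""
    return [f for f in filenames if weak_is_allowed(f) and not hardened_is_allowed(f)]


# Constructed sample upload names.
SAMPLE_UPLOADS = ["avatar.png", "shell.php", "shell.phar", "SHELL.PHAR", "photo.jpeg"]

if __name__ == "__main__":
    for name in SAMPLE_UPLOADS:
        print(f"{name:12} weak={weak_is_allowed(name)!s:5} hardened={hardened_is_allowed(name)}")
    print("slipped past the deny-list:", escapes_weak_check(SAMPLE_UPLOADS))
```

The allow-list is what closes the bug; the handler-rule check is defence in depth for the case where an operator later extends the allowed set without thinking about what the web server will do with the name.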
111. Remote Code Execution - Sudo (CVE-2012-0809) - Critical [614]
Description: Format string vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation, [zdt] Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit, [seebug] sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass, [exploitdb] sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation) | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user | |
0.7 | 10 | CVSS Base Score is 7.2. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-0809 was patched at 2024-05-15
112. Remote Code Execution - Logback (CVE-2021-42550) - Critical [614]
Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Logback is a logging framework for Java applications, the successor to log4j 1.x; the flaw is in the processing of its XML configuration files, as the description states | |
0.7 | 10 | CVSS Base Score is 6.6. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-42550 was patched at 2024-05-15
113. Denial of Service - GNU indent (CVE-2024-0911) - Critical [613]
Description: A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0 | 14 | GNU indent is a program for formatting C source code; the heap overflow is triggered by a crafted input file | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-0911 was patched at 2024-05-15
114. Elevation of Privilege - Linux Kernel (CVE-2022-1043) - Critical [611]
Description: A flaw was found in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] io_uring Same Type Object Reuse Privilege Escalation Exploit, [metasploit] io_uring Same Type Object Reuse Priv Esc, [packetstorm] io_uring Same Type Object Reuse Privilege Escalation) | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-1043 was patched at 2024-05-15
115. Remote Code Execution - MapServer (CVE-2007-4629) - Critical [609]
Description: Buffer overflow in the processLine function in m
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer remote stack overflow and cross-site scripting vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | MapServer is an open-source platform for publishing spatial data and interactive mapping applications on the web | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2007-4629 was patched at 2024-05-15
116. Remote Code Execution - libtiff (CVE-2006-3459) - Critical [609]
Description: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Adobe Reader and Acrobat TIFF image processing buffer overflow vulnerability, [seebug] libtiff graphics library multiple security vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | libtiff is a library for reading and writing Tagged Image File Format (TIFF) files; it is the component that Adobe Reader and many other products embed, and the Debian package carrying the fix | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-3459 was patched at 2024-05-15
117. Remote Code Execution - GNU C Library (CVE-2003-0028) - Critical [609]
Description: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: CMSD_XDRARRAY, [canvas] Immunity Canvas: TTDB_XDRARRAY) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2003-0028 was patched at 2024-05-15
118. Remote Code Execution - Mozilla Firefox (CVE-2006-4253) - Critical [609]
Description: Concurrency vulnerability in Mozilla
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.8 | 10 | CVSS Base Score is 7.6. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-4253 was patched at 2024-05-15
119. Remote Code Execution - OpenSSH (CVE-2019-16905) - Critical [609]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-16905 was patched at 2024-05-15
120. Remote Code Execution - OpenSSL (CVE-2002-0656) - Critical [609]
Description: Buffer overflows in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability 2, [canvas] Immunity Canvas: OPENSSL_KEYLEN) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2002-0656 was patched at 2024-05-15
121. Remote Code Execution - WordPress (CVE-2011-4899) - Critical [609]
Description: wp-admin/setup-config.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Elipse E3 Scada PLC Denial Of Service, [packetstorm] WordPress 3.3.1 Code Execution / Cross Site Scripting, [seebug] wordpress <= 3.3.1 - Multiple Vulnerabilities, [seebug] WordPress 3.3.1 Code Execution / Cross Site Scripting, [exploitpack] WordPress 3.3.1 - Multiple Vulnerabilities, [exploitdb] WordPress Core 3.3.1 - Multiple Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | WordPress is a free and open-source content management system written in PHP; the flaw is in its installer (wp-admin/setup-config.php), not in the PHP interpreter | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2011-4899 was patched at 2024-05-15
122. Remote Code Execution - Safari (CVE-2018-4192) - Critical [609]
Description: An issue was discovered in certain Apple products. iOS before 11.4 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] JavaScript Core - Arbitrary Code Execution Exploit, [packetstorm] JavaScript Core Arbitrary Code Execution) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and visionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. On Debian the affected package is WebKitGTK, which embeds the same WebKit engine. | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-4192 was patched at 2024-05-15
123. Remote Code Execution - Prism (CVE-2020-15138) - Critical [609]
Description: Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Prismjs Previewers) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Prism (PrismJS) is a lightweight JavaScript syntax-highlighting library; the cross-site scripting flaw is in its Previewers plugin, as the description states, and is unrelated to Safari | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-15138 was patched at 2024-05-15
124. Remote Code Execution - Samba (CVE-2007-0454) - Critical [609]
Description: Format string vulnerability in the afsacl.so VFS module in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba server VFS module afsacl.so remote format string handling vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2007-0454 was patched at 2024-05-15
125. Authentication Bypass - Chromium (CVE-2021-30617) - Critical [605]
Description: Chromium: CVE-2021-30617 Policy bypass in Blink
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30617 was patched at 2024-05-15
126. Authentication Bypass - OpenSSL (CVE-2016-7054) - Critical [605]
Description: In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OpenSSL 1.1.0a/1.1.0b - Denial of Service Exploit, [exploitpack] OpenSSL 1.1.0a1.1.0b - Denial of Service, [exploitdb] OpenSSL 1.1.0a/1.1.0b - Denial of Service) |
Criticality of Vulnerability Type | 0.98 | 15 | Authentication Bypass |
Vulnerable Product is Common | 0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2016-7054 was patched at 2024-05-15
127. Authentication Bypass - Samba (CVE-2022-32743) - Critical [605]
Description: Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
Criticality of Vulnerability Type | 0.98 | 15 | Authentication Bypass |
Vulnerable Product is Common | 0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2022-32743 was patched at 2024-05-15
128. Code Injection - PHP (CVE-2005-2612) - Critical [604]
Description: Direct
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress cache_lastpostdate Arbitrary Code Execution, [packetstorm] WordPress cache_lastpostdate Arbitrary Code Execution) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2005-2612 was patched at 2024-05-15
129. Code Injection - PHP (CVE-2009-1285) - Critical [604]
Description: Static
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin configuration file PHP code injection vulnerability, [seebug] CVE-2009-1285: phpMyAdmin Code Injection) |
Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
Vulnerable Product is Common | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1285 was patched at 2024-05-15
130. Command Injection - OpenSSH (CVE-2020-15778) - Critical [604]
Description: scp in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Openbsd Openssh, [githubexploit] Exploit for OS Command Injection in Openbsd Openssh) |
Criticality of Vulnerability Type | 0.97 | 15 | Command Injection |
Vulnerable Product is Common | 0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
almalinux: CVE-2020-15778 was patched at 2024-05-22
debian: CVE-2020-15778 was patched at 2024-05-15
oraclelinux: CVE-2020-15778 was patched at 2024-05-23
redhat: CVE-2020-15778 was patched at 2024-05-22
131. Remote Code Execution - FFmpeg (CVE-2008-3162) - Critical [604]
Description: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2008-3162 was patched at 2024-05-15
132. Remote Code Execution - FFmpeg (CVE-2009-0385) - Critical [604]
Description: Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg 4xm file parsing memory corruption vulnerability) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-0385 was patched at 2024-05-15
133. Remote Code Execution - FFmpeg (CVE-2009-4631) - Critical [604]
Description: Off-by-one error in the VP3 decoder (vp3.c) in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media file parsing denial of service and code execution vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-4631 was patched at 2024-05-15
134. Remote Code Execution - FFmpeg (CVE-2009-4635) - Critical [604]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media file parsing denial of service and code execution vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-4635 was patched at 2024-05-15
135. XXE Injection - Safari (CVE-2009-1699) - Critical [604]
Description: The XSL stylesheet implementation in WebKit in Apple
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: SAFARI_FILE_STEALING2, [seebug] Apple Safari 4.0 multiple security vulnerabilities) |
Criticality of Vulnerability Type | 0.97 | 15 | XXE Injection |
Vulnerable Product is Common | 0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-1699 was patched at 2024-05-15
136. Incorrect Calculation - FreeRDP (CVE-2024-32040) - Critical [600]
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
Exploit Exists | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
Criticality of Vulnerability Type | 0.5 | 15 | Incorrect Calculation |
Vulnerable Product is Common | 0.6 | 14 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2024-32040 was patched at 2024-05-15
ubuntu: CVE-2024-32040 was patched at 2024-04-24
137. Memory Corruption - FreeRDP (CVE-2024-32460) - Critical [600]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
Exploit Exists | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.6 | 14 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2024-32460 was patched at 2024-05-15
ubuntu: CVE-2024-32460 was patched at 2024-04-24
138. Remote Code Execution - Perl (CVE-2011-2764) - Critical [600]
Description: The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not pro
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Quake 3 Shell Injection / Code Execution) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2011-2764 was patched at 2024-05-15
139. Remote Code Execution - Redis (CVE-2016-8339) - Critical [600]
Description: A buffer overflow in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability(CVE-2016-8339)) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2016-8339 was patched at 2024-05-15
140. Remote Code Execution - Redis (CVE-2021-33026) - Critical [600]
Description: The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Deserialization of Untrusted Data in Flask-Caching Project Flask-Caching) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2021-33026 was patched at 2024-05-15
141. Remote Code Execution - Roundcube (CVE-2008-5619) - Critical [600]
Description: html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (
debian: CVE-2008-5619 was patched at 2024-05-15
142. Remote Code Execution - GNOME desktop (CVE-2008-5987) - High [597]
Description: Untrusted search path vulnerability in the Python interface in Eye of
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv function command execution vulnerability) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | GNOME, originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.9 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2008-5987 was patched at 2024-05-15
143. Remote Code Execution - PHP (CVE-2007-1001) - High [597]
Description: Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mac OS X 2007-007 update fixes multiple security vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2007-1001 was patched at 2024-05-15
144. Path Traversal - Windows Kernel (CVE-2009-0841) - High [596]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv program multiple remote security vulnerabilities) |
Criticality of Vulnerability Type | 0.7 | 15 | Path Traversal |
Vulnerable Product is Common | 0.9 | 14 | Windows Kernel |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-0841 was patched at 2024-05-15
145. Security Feature Bypass - Linux Kernel (CVE-2018-14656) - High [596]
Description: A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: DMESG_LEAK) |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.0 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2018-14656 was patched at 2024-05-15
146. Authentication Bypass - OpenSSH (CVE-2023-51767) - High [594]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
Criticality of Vulnerability Type | 0.98 | 15 | Authentication Bypass |
Vulnerable Product is Common | 0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.0 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2023-51767 was patched at 2024-05-15
147. Command Injection - Python (CVE-2017-2810) - High [594]
Description: An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tablib Yaml Load Code Execution Vulnerability(CVE-2017-2810)) |
Criticality of Vulnerability Type | 0.97 | 15 | Command Injection |
Vulnerable Product is Common | 0.6 | 14 | Python is a high-level, general-purpose programming language |
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2017-2810 was patched at 2024-05-15
148. Remote Code Execution - Apache Tomcat (CVE-2007-0774) - High [592]
Description: Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([d2] DSquare Exploit Pack: D2SEC_MOD_JK, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [packetstorm] apache_modjk_overflow.rb.txt) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2007-0774 was patched at 2024-05-15
149. Remote Code Execution - Curl (CVE-2013-0249) - High [592]
Description: Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] cURL Buffer Overflow, [seebug] cURL Buffer Overflow Vulnerability, [zdt] cURL Buffer Overflow Vulnerability, [exploitpack] cURL - Buffer Overflow (PoC), [exploitdb] cURL - Buffer Overflow (PoC)) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | Curl is a command-line tool for transferring data specified with URL syntax |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2013-0249 was patched at 2024-05-15
150. Remote Code Execution - iOS (CVE-2012-6096) - High [592]
Description: Multiple stack-based buffer overflows in the get_history function in history.cgi in Nag
debian: CVE-2012-6096 was patched at 2024-05-15
151. Security Feature Bypass - BIND (CVE-2024-3044) - High [592]
Description: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
Exploit Exists | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System |
CVSS Base Score | 0.0 | 10 | CVSS Base Score is NA. No data. |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2024-3044 was patched at 2024-05-15
redos: CVE-2024-3044 was patched at 2024-05-29
ubuntu: CVE-2024-3044 was patched at 2024-05-28
152. XXE Injection - PHP (CVE-2011-4107) - High [592]
Description: The simplexml_load_string function in the XML import plug-in (libraries/import/xml.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] phpMyAdmin 3.3.x / 3.4.x Local File Inclusion Via XXE Injection, [exploitpack] phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit), [seebug] phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection, [seebug] phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection, [exploitdb] phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)) |
Criticality of Vulnerability Type | 0.97 | 15 | XXE Injection |
Vulnerable Product is Common | 0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. |
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2011-4107 was patched at 2024-05-15
153. Remote Code Execution - Linux Kernel (CVE-2012-3364) - High [590]
Description: Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel NCI multiple remote stack buffer overflow vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
CVSS Base Score | 0.5 | 10 | CVSS Base Score is 5.0 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2012-3364 was patched at 2024-05-15
154. Remote Code Execution - Unknown Product (CVE-2023-44452) - High [589]
Description: Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132.
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
Exploit Exists | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0 | 14 | Unknown Product |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
redos: CVE-2023-44452 was patched at 2024-04-18
155. Remote Code Execution - DirectX (CVE-2010-3275) - High [588]
Description: lib
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC AMV Dangling Pointer Vulnerability, [seebug] VLC Media Player ".AMV" and ".NSV" multiple remote buffer overflow vulnerabilities, [packetstorm] VLC AMV Dangling Pointer Vulnerability, [metasploit] VLC AMV Dangling Pointer Vulnerability, [exploitdb] VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer (Metasploit)) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | DirectX |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2010-3275 was patched at 2024-05-15
156. Remote Code Execution - DirectX (CVE-2010-3276) - High [588]
Description: lib
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player ".AMV" and ".NSV" multiple remote buffer overflow vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | DirectX |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2010-3276 was patched at 2024-05-15
157. Remote Code Execution - ImageMagick (CVE-2007-4987) - High [588]
Description: Off-by-one error in the ReadBlobString function in blob.c in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ImageMagick blob.c file single-byte buffer overflow vulnerability) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2007-4987 was patched at 2024-05-15
158. Remote Code Execution - Perl (CVE-2008-2363) - High [588]
Description: The PartsBatch class in Pan 0.132 and earlier does not pro
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pan .nzb file parsing heap overflow vulnerability) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2008-2363 was patched at 2024-05-15
159. Remote Code Execution - Python (CVE-2009-3850) - High [588]
Description: Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Blender 2.342.35a2.42.49b - .blend Command Injection, [packetstorm] Core Security Technologies Advisory 2009.0912, [seebug] Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection, [seebug] Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection, [seebug] Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection, [exploitdb] Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Python is a high-level, general-purpose programming language |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-3850 was patched at 2024-05-15
160. Remote Code Execution - Redis (CVE-2022-31144) - High [588]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Redis) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2022-31144 was patched at 2024-05-15
161. Remote Code Execution - Wireshark (CVE-2009-4376) - High [588]
Description: Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark 1.2.5 release fixes multiple security vulnerabilities) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education |
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2009-4376 was patched at 2024-05-15
162. Remote Code Execution - Wireshark (CVE-2011-1591) - High [588]
Description: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in
debian: CVE-2011-1591 was patched at 2024-05-15
163. Authentication Bypass - Unknown Product (CVE-2023-22602) - High [585]
Description: When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.
The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.
Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on BDU website |
Exploit Exists | 0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website |
Criticality of Vulnerability Type | 0.98 | 15 | Authentication Bypass |
Vulnerable Product is Common | 0 | 14 | Unknown Product |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2023-22602 was patched at 2024-05-15
164. Denial of Service - Linux Kernel (CVE-2011-2189) - High [584]
Description: net/core/net_namespace.c in the
Component | Value | Weight | Comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website |
Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel |
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5 according to Vulners data source |
EPSS Percentile | 0 | 10 | EPSS data is not available |
debian: CVE-2011-2189 was patched at 2024-05-15
165. Security Feature Bypass - Linux Kernel (CVE-2021-4148) - High [584]
Description: A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-4148 was patched at 2024-05-15
166. Code Injection - PHP (CVE-2022-23808) - High [580]
Description: An issue was discovered in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Phpmyadmin) | |
0.97 | 15 | Code Injection | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-23808 was patched at 2024-05-15
167. Remote Code Execution - BIND (CVE-2009-0317) - High [580]
Description: Untrusted search path vulnerability in the Python language
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0317 was patched at 2024-05-15
168. Remote Code Execution - FFmpeg (CVE-2010-3429) - High [580]
Description: flicvideo.c in libavcodec 0.6 and earlier in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg libavcodec "vmd decode()"堆缓冲区溢出漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2010-3429 was patched at 2024-05-15
169. Remote Code Execution - FFmpeg (CVE-2010-3908) - High [580]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg畸形".wmv"文件解析内存破坏远程代码执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2010-3908 was patched at 2024-05-15
170. Remote Code Execution - FFmpeg (CVE-2011-0722) - High [580]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg Real Media文件解析内存破坏远程代码执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2011-0722 was patched at 2024-05-15
171. Remote Code Execution - FFmpeg (CVE-2011-0723) - High [580]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg畸形"VC1"文件解析内存破坏远程代码执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2011-0723 was patched at 2024-05-15
172. Remote Code Execution - FFmpeg (CVE-2012-0859) - High [580]
Description: The render_line function in the vorbis codec (vorbis.c) in libavcodec in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Chrome 15.x MKV和Vorbis媒体处理漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-0859 was patched at 2024-05-15
173. Remote Code Execution - vim (CVE-2009-0316) - High [580]
Description: Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Vim PySys_SetArgv函数本地命令执行漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | Vim is a free and open-source, screen-based text editor program | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0316 was patched at 2024-05-15
174. Security Feature Bypass - Google Chrome (CVE-2021-30531) - High [579]
Description: Insufficient policy enforcement in Content Security Policy in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30531 was patched at 2024-05-15
175. Security Feature Bypass - Google Chrome (CVE-2021-30534) - High [579]
Description: Insufficient policy enforcement in iFrameSandbox in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30534 was patched at 2024-05-15
176. Security Feature Bypass - Google Chrome (CVE-2021-30540) - High [579]
Description: Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30540 was patched at 2024-05-15
177. Remote Code Execution - Perl (CVE-2004-1388) - High [576]
Description: Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Berlios GPSD Format String Vulnerability, [canvas] Immunity Canvas: GPSD) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2004-1388 was patched at 2024-05-15
178. Remote Code Execution - Perl (CVE-2008-2371) - High [576]
Description: Heap-based buffer overflow in pcre_compile.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PCRE pcre_compile.c文件堆溢出漏洞, [seebug] PCRE 规则表达式堆缓冲区溢出漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-2371 was patched at 2024-05-15
179. Remote Code Execution - Perl (CVE-2013-0333) - High [576]
Description: lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not pro
debian: CVE-2013-0333 was patched at 2024-05-15
180. Remote Code Execution - Perl (CVE-2013-1800) - High [576]
Description: The crack gem 0.3.1 and earlier for Ruby does not pro
debian: CVE-2013-1800 was patched at 2024-05-15
181. Remote Code Execution - Perl (CVE-2013-1802) - High [576]
Description: The extlib gem 0.9.15 and earlier for Ruby does not pro
debian: CVE-2013-1802 was patched at 2024-05-15
182. Remote Code Execution - Roundcube (CVE-2016-9920) - High [576]
Description: steps/mail/sendmail.inc in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Roundcube 1.2.2: Command Execution via Email) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Roundcube is a web-based IMAP email client | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-9920 was patched at 2024-05-15
183. Unknown Vulnerability Type - Jetty (CVE-2021-34429) - High [576]
Description: For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0 | 15 | Unknown Vulnerability Type | |
0.6 | 14 | Jetty is a Java based web server and servlet engine | |
0.5 | 10 | CVSS Base Score is 5.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-34429 was patched at 2024-05-15
184. Code Injection - QEMU (CVE-2017-8284) - High [575]
Description: The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.97 | 15 | Code Injection | |
0.7 | 14 | QEMU is a generic and open source machine & userspace emulator and virtualizer | |
0.7 | 10 | CVSS Base Score is 7.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-8284 was patched at 2024-05-15
185. Security Feature Bypass - iOS (CVE-2014-2913) - High [575]
Description: Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] NRPE 2.15 Remote Command Execution, [seebug] NRPE 2.15 - Remote Code Execution Vulnerability, [exploitpack] NRPE 2.15 - Remote Code Execution, [zdt] NRPE 2.15 - Remote Code Execution Vulnerability, [exploitdb] NRPE 2.15 - Remote Code Execution) | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | iOS is an operating system developed and marketed by Apple Inc | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-2913 was patched at 2024-05-15
186. Remote Code Execution - Mozilla Firefox (CVE-2006-0295) - High [573]
Description: Mozilla
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Firefox location.QueryInterface() Code Execution, [packetstorm] firefox_queryinterface_mac.pm.txt, [packetstorm] firefox_queryinterface.pm.txt, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.5 | 10 | CVSS Base Score is 5.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-0295 was patched at 2024-05-15
187. Authentication Bypass - Apache ActiveMQ (CVE-2014-3612) - High [572]
Description: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache ActiveMQ 5.0.0 - 5.10.0 JAAS LDAPLoginModule empty password authentication Vulnerability) | |
0.98 | 15 | Authentication Bypass | |
0.6 | 14 | Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-3612 was patched at 2024-05-15
188. Authentication Bypass - Python (CVE-2013-1895) - High [572]
Description: The py-bcrypt module before 0.3 for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python 'py-bcrypt' 模块身份验证绕过漏洞(CVE-2013-1895)) | |
0.98 | 15 | Authentication Bypass | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-1895 was patched at 2024-05-15
189. Denial of Service - Linux Kernel (CVE-2017-16996) - High [572]
Description: kernel/bpf/verifier.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel >= 4.9 eBPF memory corruption bugs Vulnerability) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-16996 was patched at 2024-05-15
190. Denial of Service - Linux Kernel (CVE-2017-5972) - High [572]
Description: The TCP stack in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel 3.10.0 (CentOS7) Denial Of Service Exploit, [packetstorm] CentOS7 Kernel Denial Of Service) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-5972 was patched at 2024-05-15
191. Information Disclosure - Linux Kernel (CVE-2018-7273) - High [572]
Description: In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Linux Kernel show_floppy KASLR Address Leak, [zdt] Linux Kernel < 4.15.4 - show_floppy KASLR Address Leak Exploit) | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-7273 was patched at 2024-05-15
192. Information Disclosure - Linux Kernel (CVE-2022-4543) - High [572]
Description: A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linux Linux Kernel) | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-4543 was patched at 2024-05-15
193. Remote Code Execution - Cacti (CVE-2023-39358) - High [571]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Cacti is an open source operational monitoring and fault management framework | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2023-39358 was patched at 2024-05-15
194. Remote Code Execution - Cacti (CVE-2024-31445) - High [571]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Cacti is an open source operational monitoring and fault management framework | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-31445 was patched at 2024-05-15
195. Remote Code Execution - TRIE (CVE-2022-2566) - High [571]
Description: A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all en
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | TRIE | |
0.9 | 10 | CVSS Base Score is 9.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-2566 was patched at 2024-05-15
196. Code Injection - Perl (CVE-2011-2506) - High [570]
Description: setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not pro
debian: CVE-2011-2506 was patched at 2024-05-15
197. Arbitrary File Reading - PHP (CVE-2014-2383) - High [567]
Description: dompdf.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([wpexploit] Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI), [exploitpack] dompdf 0.6.0 - dompdf.php?read Arbitrary File Read, [zdt] dompdf 0.6.0 Arbitrary File Read Vulnerability, [packetstorm] dompdf 0.6.0 Arbitrary File Read, [seebug] dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read, [exploitdb] dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read) | |
0.83 | 15 | Arbitrary File Reading | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-2383 was patched at 2024-05-15
198. Information Disclosure - Safari (CVE-2009-1718) - High [567]
Description: WebKit in Apple
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞) | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.7 | 10 | CVSS Base Score is 7.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-1718 was patched at 2024-05-15
199. Elevation of Privilege - BIND (CVE-2019-2025) - High [566]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit) | |
0.85 | 15 | Elevation of Privilege | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-2025 was patched at 2024-05-15
200. Remote Code Execution - Perl (CVE-2012-4409) - High [564]
Description: Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] mcrypt 2.5.8 Stack Based Overflow, [exploitpack] mcrypt 2.5.8 - Local Stack Overflow, [seebug] mcrypt <= 2.5.8 Stack Based Overflow, [exploitdb] mcrypt 2.5.8 - Local Stack Overflow) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-4409 was patched at 2024-05-15
201. Remote Code Execution - Python (CVE-2008-5984) - High [564]
Description: Untrusted search path vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Dia Python插件使用不安全搜索路径漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-5984 was patched at 2024-05-15
202. Remote Code Execution - Python (CVE-2008-5985) - High [564]
Description: Untrusted search path vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Epiphany PySys_SetArgv函数命令执行漏, [seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-5985 was patched at 2024-05-15
203. Remote Code Execution - Python (CVE-2008-5986) - High [564]
Description: Untrusted search path vulnerability in the (1) "VST plugin with
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-5986 was patched at 2024-05-15
204. Remote Code Execution - Python (CVE-2009-0314) - High [564]
Description: Untrusted search path vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] gedit PySys_SetArgv函数代码执行漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0314 was patched at 2024-05-15
205. Remote Code Execution - Python (CVE-2009-0315) - High [564]
Description: Untrusted search path vulnerability in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0315 was patched at 2024-05-15
206. Remote Code Execution - Python (CVE-2009-0318) - High [564]
Description: Untrusted search path vulnerability in the GObject
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0318 was patched at 2024-05-15
207. Remote Code Execution - Python (CVE-2013-5093) - High [564]
Description: The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Graphite Web Unsafe Pickle Handling, [zdt] Graphite Web Unsafe Pickle Handling Exploit) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-5093 was patched at 2024-05-15
208. Remote Code Execution - Python (CVE-2013-5942) - High [564]
Description: Graphite 0.9.5 through 0.9.10 uses the pickle
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Graphite Web Unsafe Pickle Handling, [zdt] Graphite Web Unsafe Pickle Handling Exploit) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-5942 was patched at 2024-05-15
209. Security Feature Bypass - iOS (CVE-2023-45857) - High [563]
Description: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.7 | 14 | iOS is an operating system developed and marketed by Apple Inc | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2023-45857 was patched at 2024-05-15
210. Information Disclosure - SQLite (CVE-2021-42523) - High [562]
Description: There are two
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.83 | 15 | Information Disclosure | |
0.7 | 14 | SQLite is a database engine written in the C programming language | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-42523 was patched at 2024-05-15
211. Denial of Service - Windows Kernel (CVE-2008-4609) - High [560]
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Windows 2000 TCP/IP window size denial of service vulnerability (MS09-048)) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | Windows Kernel | |
0.7 | 10 | CVSS Base Score is 7.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-4609 was patched at 2024-05-15
212. Remote Code Execution - Cacti (CVE-2024-31459) - High [559]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Cacti is an open source operational monitoring and fault management framework | |
0.8 | 10 | CVSS Base Score is 8.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-31459 was patched at 2024-05-15
213. Remote Code Execution - GDI (CVE-2006-0106) - High [559]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [canvas] Immunity Canvas: WMF_SETABORT, [packetstorm] Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | GDI | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-0106 was patched at 2024-05-15
214. Remote Code Execution - Libarchive (CVE-2016-4301) - High [559]
Description: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libarchive mtree parse_device Code Execution Vulnerability(CVE-2016-4301)) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Multi-format archive and compression library | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-4301 was patched at 2024-05-15
215. Remote Code Execution - NetBIOS (CVE-2014-9377) - High [559]
Description: Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN) | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-9377 was patched at 2024-05-15
216. Remote Code Execution - TLS (CVE-2006-6170) - High [559]
Description: Buffer overflow in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] vd_proftpd.pm.txt, [packetstorm] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-6170 was patched at 2024-05-15
217. Remote Code Execution - TLS (CVE-2017-2784) - High [559]
Description: An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784)) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 8.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-2784 was patched at 2024-05-15
218. Remote Code Execution - TLS (CVE-2021-21374) - High [559]
Description: Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 8.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-21374 was patched at 2024-05-15
219. Remote Code Execution - nginx (CVE-2009-2629) - High [559]
Description: Buffer underflow in src/http/ngx_http_parse.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx HTTP request remote buffer overflow vulnerability, [canvas] Immunity Canvas: NGINX) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-2629 was patched at 2024-05-15
220. Remote Code Execution - nginx (CVE-2014-0133) - High [559]
Description: Heap-based buffer overflow in the SPDY implementation in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Nginx SPDY buffer overflow vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-0133 was patched at 2024-05-15
221. Security Feature Bypass - Unknown Product (CVE-2023-24023) - High [559]
Description: Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.9 | 15 | Security Feature Bypass | |
0 | 14 | Unknown Product | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
almalinux: CVE-2023-24023 was patched at 2024-05-22
debian: CVE-2023-24023 was patched at 2024-05-15
oraclelinux: CVE-2023-24023 was patched at 2024-05-02, 2024-05-23
redhat: CVE-2023-24023 was patched at 2024-05-22
ubuntu: CVE-2023-24023 was patched at 2024-04-19, 2024-04-23
222. Command Injection - Python (CVE-2024-23829) - High [558]
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.97 | 15 | Command Injection | |
0.6 | 14 | Python is a high-level, general-purpose programming language | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-23829 was patched at 2024-05-15
redos: CVE-2024-23829 was patched at 2024-04-23
223. Information Disclosure - Unknown Product (CVE-2021-40402) - High [558]
Description: An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.83 | 15 | Information Disclosure | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-40402 was patched at 2024-05-15
224. Security Feature Bypass - Perl (CVE-2018-6829) - High [558]
Description: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-6829 was patched at 2024-05-15
225. Security Feature Bypass - Perl (CVE-2024-1135) - High [558]
Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-1135 was patched at 2024-05-15
redhat: CVE-2024-1135 was patched at 2024-05-22
226. XXE Injection - Perl (CVE-2013-0340) - High [558]
Description: expat 2.1.0 and earlier does not pro
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.97 | 15 | XXE Injection | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-0340 was patched at 2024-05-15
227. XXE Injection - Perl (CVE-2024-23525) - High [558]
Description: The Spreadsheet::ParseXLSX package before 0.30 for
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.97 | 15 | XXE Injection | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-23525 was patched at 2024-05-15
ubuntu: CVE-2024-23525 was patched at 2024-05-09
228. Denial of Service - Binutils (CVE-2017-16830) - High [555]
Description: The print_gnu_property_note function in readelf.c in GNU
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-16830 was patched at 2024-05-15
229. Denial of Service - Binutils (CVE-2017-17126) - High [555]
Description: The load_debug_section function in readelf.c in GNU
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-17126 was patched at 2024-05-15
230. Denial of Service - Binutils (CVE-2022-47673) - High [555]
Description: An issue was discovered in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-47673 was patched at 2024-05-15
231. Denial of Service - Binutils (CVE-2022-47696) - High [555]
Description: An issue was discovered
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2022-47696 was patched at 2024-05-15
232. Denial of Service - GNOME desktop (CVE-2018-11396) - High [555]
Description: ephy-session.c in libephymain.so in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Epiphany 3.28.2.1 - Denial of Service, [exploitdb] Epiphany 3.28.2.1 - Denial of Service, [packetstorm] Epiphany 3.28.2.1 Denial Of Service) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-11396 was patched at 2024-05-15
233. Denial of Service - ICMP (CVE-2016-1879) - High [555]
Description: The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] FreeBSD SCTP ICMPv6 - Error Processing, [packetstorm] FreeBSD SCTP ICMPv6 Denial Of Service) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-1879 was patched at 2024-05-15
234. Denial of Service - OpenSSL (CVE-2006-2937) - High [555]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007 multiple security vulnerabilities) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-2937 was patched at 2024-05-15
235. Denial of Service - OpenSSL (CVE-2006-2940) - High [555]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007 multiple security vulnerabilities) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-2940 was patched at 2024-05-15
236. Denial of Service - OpenSSL (CVE-2016-7052) - High [555]
Description: crypto/x509/x509_vfy.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-7052 was patched at 2024-05-15
237. Denial of Service - OpenSSL (CVE-2017-3730) - High [555]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-3730 was patched at 2024-05-15
238. Denial of Service - PHP (CVE-2018-6389) - High [555]
Description: In WordPress through 4.9.2, unauthenticated attackers can cause a
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress Core Denial Of Service, [packetstorm] WordPress Core load-scripts.php Denial Of Service, [zdt] WordPress Core - load-scripts.php Denial of Service Exploit, [seebug] WordPress Core - 'load-scripts.php' Denial of Service(CVE-2018-6389)) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-6389 was patched at 2024-05-15
239. Denial of Service - Samba (CVE-2008-4314) - High [555]
Description: smbd in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba smbd remote information disclosure vulnerability) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell | |
0.8 | 10 | CVSS Base Score is 8.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-4314 was patched at 2024-05-15
240. Denial of Service - Webkit (CVE-2018-11646) - High [555]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WebKitGTK+ 2.21.3 - Crash (PoC), [exploitpack] WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit), [packetstorm] WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service, [packetstorm] WebKitGTK+ WebKitFaviconDatabase Denial Of Service, [zdt] WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit, [zdt] WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit, [metasploit] WebKitGTK+ WebKitFaviconDatabase DoS, [exploitdb] WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit), [exploitdb] WebKitGTK+ < 2.21.3 - Crash (PoC)) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-11646 was patched at 2024-05-15
241. Information Disclosure - OpenSSH (CVE-2018-15919) - High [555]
Description: Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object) website | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture | |
0.5 | 10 | CVSS Base Score is 5.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-15919 was patched at 2024-05-15
242. Security Feature Bypass - Google Chrome (CVE-2021-30539) - High [555]
Description: Insufficient policy enforcement in content security policy in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.5 | 10 | CVSS Base Score is 5.4. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30539 was patched at 2024-05-15
243. Denial of Service - Kerberos (CVE-2009-3295) - High [553]
Description: The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MIT Kerberos KDC cross-realm referral null pointer dereference denial of service vulnerability) | |
0.7 | 15 | Denial of Service | |
1 | 14 | Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet | |
0.5 | 10 | CVSS Base Score is 5.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-3295 was patched at 2024-05-15
244. Remote Code Execution - Perl (CVE-2008-1333) - High [552]
Description: Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk logging function and manager remote format string handling vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.6 | 10 | CVSS Base Score is 5.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-1333 was patched at 2024-05-15
245. Cross Site Scripting - PHP (CVE-2017-5367) - High [550]
Description: Multiple reflected
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ZoneMinder - Multiple Vulnerabilities, [packetstorm] ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-5367 was patched at 2024-05-15
246. Cross Site Scripting - PHP (CVE-2019-12094) - High [550]
Description: Horde Groupware Webmail Edition through 5.2.22 allows
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] Horde Webmail 5.2.22 - Multiple Vulnerabilities, [packetstorm] Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution, [zdt] Horde Webmail 5.2.22 - Multiple Vulnerabilities, [zdt] Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit, [exploitpack] Horde Webmail 5.2.22 - Multiple Vulnerabilities) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-12094 was patched at 2024-05-15
247. Cross Site Scripting - PHP (CVE-2019-8937) - High [550]
Description: HotelDruid 2.3.0 has
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] HotelDruid 2.3 - Cross-Site Scripting Vulnerability, [exploitpack] HotelDruid 2.3 - Cross-Site Scripting, [packetstorm] HotelDruid 2.3 Cross Site Scripting, [exploitdb] HotelDruid 2.3 - Cross-Site Scripting) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-8937 was patched at 2024-05-15
248. Cross Site Scripting - Safari (CVE-2017-2504) - High [550]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit Editor::Command::execute Universal Cross Site Scripting, [zdt] Apple WebKit / Safari 10.0.3(12602.4.8) - Editor::Command::execute Universal Cross-Site Scripting Ex, [seebug] WebKit: UXSS via Editor::Command::execute(CVE-2017-2504)) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-2504 was patched at 2024-05-15
249. Cross Site Scripting - Safari (CVE-2017-2508) - High [550]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - ContainerNode::parserInsertBefore Universal Cross-Site Scripting Exploit, [seebug] WebKit: UXSS via ContainerNode::parserInsertBefore(CVE-2017-2508)) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-2508 was patched at 2024-05-15
250. Cross Site Scripting - Safari (CVE-2017-2528) - High [550]
Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit CachedFrame Universal Cross Site Scripting, [seebug] WebKit: UXSS: CachedFrame doesn't detach openers(CVE-2017-2528), [zdt] WebKit CachedFrame Universal Cross Site Scripting Vulnerability) | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-2528 was patched at 2024-05-15
251. Remote Code Execution - Cacti (CVE-2024-31460) - High [547]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Cacti is an open source operational monitoring and fault management framework | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-31460 was patched at 2024-05-15
252. Remote Code Execution - nginx (CVE-2012-2089) - High [547]
Description: Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx 'ngx_http_mp4_module.c' buffer overflow vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-2089 was patched at 2024-05-15
253. Information Disclosure - Roundcube (CVE-2018-19205) - High [545]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenPGP, S/MIME information disclosure (CVE-2017-17688, CVE-2017-17689)) | |
0.83 | 15 | Information Disclosure | |
0.6 | 14 | Roundcube is a web-based IMAP email client | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2018-19205 was patched at 2024-05-15
254. Remote Code Execution - FFmpeg (CVE-2009-4638) - High [545]
Description: Integer overflow in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media file parsing denial of service and code execution vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-4638 was patched at 2024-05-15
255. Remote Code Execution - FFmpeg (CVE-2009-4640) - High [545]
Description: Array index error in vorbis_dec.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg multiple media file parsing denial of service and code execution vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-4640 was patched at 2024-05-15
256. Denial of Service - PHP (CVE-2016-6896) - High [544]
Description: Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] WordPress Traversal Directory DoS, [exploitpack] WordPress 4.5.3 - Directory Traversal Denial of Service, [zdt] WordPress 4.5.3 - Directory Traversal / Denial of Service, [exploitdb] WordPress Core 4.5.3 - Directory Traversal / Denial of Service) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.7 | 10 | CVSS Base Score is 7.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-6896 was patched at 2024-05-15
257. Denial of Service - Safari (CVE-2009-1692) - High [544]
Description: WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1,
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ECMAScript Denial Of Service, [seebug] Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all), [exploitpack] Multiple Browsers - Denial of Service, [exploitdb] Multiple Browsers - Denial of Service) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.7 | 10 | CVSS Base Score is 7.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-1692 was patched at 2024-05-15
258. Denial of Service - Samba (CVE-2007-0452) - High [544]
Description: smbd in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba deferred CIFS file open denial of service vulnerability) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2007-0452 was patched at 2024-05-15
259. Memory Corruption - APT (CVE-2009-1177) - High [544]
Description: Multiple stack-based
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv program multiple remote security vulnerabilities) | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | A free-software user interface that works with core libraries to handle the installation and removal of software on Debian | |
1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-1177 was patched at 2024-05-15
260. Memory Corruption - Google Chrome (CVE-2019-5866) - High [544]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-5866 was patched at 2024-05-15
261. Memory Corruption - Safari (CVE-2023-32409) - High [544]
Description: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object) website | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML. | |
0.9 | 10 | CVSS Base Score is 8.6. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2023-32409 was patched at 2024-05-15
262. Path Traversal - PHP (CVE-2005-3347) - High [544]
Description: Multiple
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hardened-PHP Project Security Advisory 2005-21.81) | |
0.7 | 15 | Path Traversal | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.7 | 10 | CVSS Base Score is 6.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2005-3347 was patched at 2024-05-15
263. Path Traversal - PHP (CVE-2014-8959) - High [544]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 4.2.12 /gis_data_editor.php local file inclusion vulnerability) | |
0.7 | 15 | Path Traversal | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.7 | 10 | CVSS Base Score is 6.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-8959 was patched at 2024-05-15
264. Security Feature Bypass - Google Chrome (CVE-2021-30532) - High [544]
Description: Insufficient policy enforcement in Content Security Policy in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30532 was patched at 2024-05-15
265. Security Feature Bypass - Google Chrome (CVE-2021-30537) - High [544]
Description: Insufficient policy enforcement in cookies in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30537 was patched at 2024-05-15
266. Security Feature Bypass - Google Chrome (CVE-2021-30538) - High [544]
Description: Insufficient policy enforcement in content security policy in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30538 was patched at 2024-05-15
267. Security Feature Bypass - Google Chrome (CVE-2021-30596) - High [544]
Description: Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30596 was patched at 2024-05-15
268. Arbitrary File Reading - PHP (CVE-2008-0196) - High [543]
Description: Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [packetstorm] Core Security Technologies Advisory 2009.0515, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures) | |
0.83 | 15 | Arbitrary File Reading | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.5 | 10 | CVSS Base Score is 5.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2008-0196 was patched at 2024-05-15
269. Information Disclosure - Mozilla Firefox (CVE-2019-13075) - High [543]
Description: Tor Browser through 8.5.3 has an
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.5 | 10 | CVSS Base Score is 5.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-13075 was patched at 2024-05-15
270. Information Disclosure - OpenSSH (CVE-2016-20012) - High [543]
Description: OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture | |
0.5 | 10 | CVSS Base Score is 5.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2016-20012 was patched at 2024-05-15
271. Information Disclosure - PHP (CVE-2009-2334) - High [543]
Description: wp-admin/admin.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress wp-admin/admin.php module incorrect privilege check vulnerability, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [packetstorm] Core Security Technologies Advisory 2009.0515, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures) | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.5 | 10 | CVSS Base Score is 4.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-2334 was patched at 2024-05-15
272. Information Disclosure - PHP (CVE-2012-4219) - High [543]
Description: show_config_errors.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 'show_config_errors.php' full path information disclosure vulnerability) | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.5 | 10 | CVSS Base Score is 5.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-4219 was patched at 2024-05-15
273. Cross Site Scripting - Apache HTTP Server (CVE-2006-3918) - High [542]
Description: http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ProCheckUp Security Advisory 2007.37, [packetstorm] Oracle HTTP Server Header Cross Site Scripting, [exploitpack] Oracle HTTP Server - Cross-Site Scripting Header Injection, [seebug] Oracle HTTP Server - XSS Header Injection, [exploitdb] Oracle HTTP Server - Cross-Site Scripting Header Injection) | |
0.8 | 15 | Cross Site Scripting | |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-3918 was patched at 2024-05-15
274. Cross Site Scripting - Apache HTTP Server (CVE-2007-6203) - High [542]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ProCheckUp Security Advisory 2007.37, [packetstorm] Oracle HTTP Server Header Cross Site Scripting, [exploitpack] Oracle HTTP Server - Cross-Site Scripting Header Injection, [seebug] Oracle HTTP Server - XSS Header Injection, [exploitdb] Oracle HTTP Server - Cross-Site Scripting Header Injection) | |
0.8 | 15 | Cross Site Scripting | |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2007-6203 was patched at 2024-05-15
275. Remote Code Execution - Flatpak (CVE-2024-32462) - High [542]
Description: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | Flatpak is a utility for software deployment and package management for Linux | |
0.8 | 10 | CVSS Base Score is 8.4. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-32462 was patched at 2024-04-19, 2024-05-15
redos: CVE-2024-32462 was patched at 2024-05-07
276. Remote Code Execution - GPAC (CVE-2021-32136) - High [542]
Description: Heap buffer overflow in the print_udta function in MP4Box in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-32136 was patched at 2024-05-15
277. Remote Code Execution - GPAC (CVE-2021-32268) - High [542]
Description: Buffer overflow vulnerability in function gf_fprintf in os_file.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-32268 was patched at 2024-05-15
278. Remote Code Execution - GPAC (CVE-2021-32439) - High [542]
Description: Buffer overflow in the stbl_AppendSize function in MP4Box in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-32439 was patched at 2024-05-15
279. Remote Code Execution - GPAC (CVE-2021-33362) - High [542]
Description: Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity) | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-33362 was patched at 2024-05-15
280. Denial of Service - Kerberos (CVE-2009-0847) - High [541]
Description: The asn1buf_imbed function in the ASN.1 decoder in MIT
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MIT Kerberos SPNEGO and ASN.1 multiple denial of service vulnerabilities) | |
0.7 | 15 | Denial of Service | |
1 | 14 | Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet | |
0.4 | 10 | CVSS Base Score is 4.3. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2009-0847 was patched at 2024-05-15
281. Security Feature Bypass - TLS (CVE-2021-29495) - High [541]
Description: Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-29495 was patched at 2024-05-15
282. Security Feature Bypass - TLS (CVE-2021-34825) - High [541]
Description: Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.9 | 15 | Security Feature Bypass | |
0.5 | 14 | TLS | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-34825 was patched at 2024-05-15
283. Remote Code Execution - Perl (CVE-2005-3962) - High [540]
Description: Integer overflow in the format string functionality (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl format string handling integer overflow vulnerability, [seebug] Apple Mac OS X 2006-007 multiple security vulnerabilities) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.5 | 10 | CVSS Base Score is 4.6. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2005-3962 was patched at 2024-05-15
284. Remote Code Execution - Perl (CVE-2011-4089) - High [540]
Description: The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not pro
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] bzexe /tmp Race Condition) | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages | |
0.5 | 10 | CVSS Base Score is 4.6. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2011-4089 was patched at 2024-05-15
285. Denial of Service - BIND (CVE-2006-4095) - High [539]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005 multiple security vulnerabilities) | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | BIND is a suite of software for interacting with the Domain Name System | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2006-4095 was patched at 2024-05-15
286. Denial of Service - Curl (CVE-2023-38039) - High [539]
Description: When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | Curl is a command-line tool for transferring data specified with URL syntax | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2023-38039 was patched at 2024-05-15
287. Denial of Service - Point-to-Point Tunneling Protocol (CVE-2003-0213) - High [539]
Description: ctrlpacket.c in PoPToP
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Poptop Negative Read Overflow) | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2003-0213 was patched at 2024-05-15
288. Denial of Service - QEMU (CVE-2019-20175) - High [539]
Description: An issue was discovered in ide_dma_cb() in hw/ide/core.c in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | QEMU is a generic and open source machine & userspace emulator and virtualizer | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-20175 was patched at 2024-05-15
289. Denial of Service - SQLite (CVE-2021-31239) - High [539]
Description: An issue found in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | SQLite is a database engine written in the C programming language | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-31239 was patched at 2024-05-15
290. Denial of Service - iOS (CVE-2019-10742) - High [539]
Description: Ax
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Handling of Exceptional Conditions in Axios) | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | iOS is an operating system developed and marketed by Apple Inc | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-10742 was patched at 2024-05-15
291. Cross Site Scripting - PHP (CVE-2021-38603) - High [538]
Description: PluXML 5.8.7 allows core/admin/profil.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.8 | 15 | Cross Site Scripting | |
0.8 | 14 | PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. | |
0.5 | 10 | CVSS Base Score is 4.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-38603 was patched at 2024-05-15
292. Memory Corruption - Chromium (CVE-2024-3832) - High [538]
Description: Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-3832 was patched at 2024-04-20, 2024-05-15
redos: CVE-2024-3832 was patched at 2024-05-07
293. Memory Corruption - Chromium (CVE-2024-3833) - High [538]
Description: Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-3833 was patched at 2024-04-20, 2024-05-15
redos: CVE-2024-3833 was patched at 2024-05-07
294. Memory Corruption - Chromium (CVE-2024-4331) - High [538]
Description: Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-4331 was patched at 2024-05-02, 2024-05-15
295. Memory Corruption - Chromium (CVE-2024-4368) - High [538]
Description: Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
debian: CVE-2024-4368 was patched at 2024-05-02, 2024-05-15
296. Memory Corruption - Mozilla Firefox (CVE-2024-3855) - High [538]
Description: In certain cases the JIT incorrectly optimized MSubstr operations, which led to
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
ubuntu: CVE-2024-3855 was patched at 2024-04-24
297. Memory Corruption - Mozilla Firefox (CVE-2024-3856) - High [538]
Description: A
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0 | 10 | EPSS data is not available |
ubuntu: CVE-2024-3856 was patched at 2024-04-24
298. Denial of Service - Apache HTTP Server (CVE-2013-2765) - High [536]
Description: The ModSecurity module before 2.7.4 for the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ModSecurity Remote Null Pointer Dereference Vulnerability, [packetstorm] ModSecurity Remote Null Pointer Dereference, [seebug] ModSecurity null pointer dereference remote denial of service vulnerability (CVE-2013-2765)) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
0.5 | 10 | CVSS Base Score is 5.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2013-2765 was patched at 2024-05-15
299. Denial of Service - Linux Kernel (CVE-2014-0102) - High [536]
Description: The keyring_detect_cycle_iterator function in security/keys/keyring.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel 'keyring_detect_cycle_iterator()' function local denial of service vulnerability) | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 5.2. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-0102 was patched at 2024-05-15
300. Denial of Service - Linux Kernel (CVE-2019-20794) - High [536]
Description: An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.5 | 10 | CVSS Base Score is 4.7. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-20794 was patched at 2024-05-15
301. Information Disclosure - Linux Kernel (CVE-2014-0131) - High [536]
Description: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel vhost-net segmentation memory leak vulnerability, [seebug] Linux kernel skb_segment function use-after-free vulnerability) | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.3 | 10 | CVSS Base Score is 2.9. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2014-0131 was patched at 2024-05-15
302. Memory Corruption - Linux Kernel (CVE-2019-19378) - High [536]
Description: In the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.9 | 14 | The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2019-19378 was patched at 2024-05-15
303. Path Traversal - Apache HTTP Server (CVE-2007-1860) - High [536]
Description: mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SA-20070314-0.txt, [seebug] Mac OS X 2007-007 update fixes multiple security vulnerabilities) | |
0.7 | 15 | Path Traversal | |
0.9 | 14 | Apache HTTP Server is a free and open-source web server that delivers web content through the internet | |
0.5 | 10 | CVSS Base Score is 5.0. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2007-1860 was patched at 2024-05-15
304. Denial of Service - Unknown Product (CVE-2020-36067) - High [535]
Description: GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on BDU website | |
0.5 | 17 | The existence of a private exploit is mentioned on BDU:PrivateExploit website | |
0.7 | 15 | Denial of Service | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 7.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-36067 was patched at 2024-05-15
305. Cross Site Scripting - MediaWiki (CVE-2012-4378) - High [533]
Description: Multiple cross-site scripting (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 1.x userlang parameter cross-site scripting vulnerability) | |
0.8 | 15 | Cross Site Scripting | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2012-4378 was patched at 2024-05-15
306. Cross Site Scripting - MediaWiki (CVE-2020-35474) - High [533]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.8 | 15 | Cross Site Scripting | |
0.7 | 14 | MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL) | |
0.6 | 10 | CVSS Base Score is 6.1. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-35474 was patched at 2024-05-15
307. Denial of Service - Binutils (CVE-2020-16591) - High [532]
Description: A
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-16591 was patched at 2024-05-15
308. Denial of Service - Binutils (CVE-2020-16593) - High [532]
Description: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-16593 was patched at 2024-05-15
309. Denial of Service - Binutils (CVE-2020-16599) - High [532]
Description: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2020-16599 was patched at 2024-05-15
310. Denial of Service - GNOME desktop (CVE-2017-14108) - High [532]
Description: libgedit.a in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] libgedit.a 3.22.1 Denial Of Service Vulnerability, [packetstorm] libgedit.a 3.22.1 Denial Of Service) | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | GNOME, originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems | |
0.6 | 10 | CVSS Base Score is 5.5. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2017-14108 was patched at 2024-05-15
311. Memory Corruption - Chromium (CVE-2021-30623) - High [532]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Google Chrome) | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30623 was patched at 2024-05-15
312. Memory Corruption - Google Chrome (CVE-2021-30521) - High [532]
Description: Heap
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30521 was patched at 2024-05-15
313. Memory Corruption - Google Chrome (CVE-2021-30522) - High [532]
Description: Use after free in WebAudio in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30522 was patched at 2024-05-15
314. Memory Corruption - Google Chrome (CVE-2021-30523) - High [532]
Description: Use after free in WebRTC in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30523 was patched at 2024-05-15
315. Memory Corruption - Google Chrome (CVE-2021-30524) - High [532]
Description: Use after free in TabStrip in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30524 was patched at 2024-05-15
316. Memory Corruption - Google Chrome (CVE-2021-30525) - High [532]
Description: Use after free in TabGroups in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30525 was patched at 2024-05-15
317. Memory Corruption - Google Chrome (CVE-2021-30527) - High [532]
Description: Use after free in WebUI in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30527 was patched at 2024-05-15
318. Memory Corruption - Google Chrome (CVE-2021-30528) - High [532]
Description: Use after free in WebAuthentication in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30528 was patched at 2024-05-15
319. Memory Corruption - Google Chrome (CVE-2021-30529) - High [532]
Description: Use after free in Bookmarks in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30529 was patched at 2024-05-15
320. Memory Corruption - Google Chrome (CVE-2021-30530) - High [532]
Description: Out of bounds memory access in WebAudio in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30530 was patched at 2024-05-15
321. Memory Corruption - Google Chrome (CVE-2021-30544) - High [532]
Description: Use after free in BFCache in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30544 was patched at 2024-05-15
322. Memory Corruption - Google Chrome (CVE-2021-30545) - High [532]
Description: Use after free in Extensions in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. | |
0.9 | 10 | CVSS Base Score is 8.8. According to Vulners data source | |
0 | 10 | EPSS data is not available |
debian: CVE-2021-30545 was patched at 2024-05-15
323. Memory Corruption - Google Chrome (CVE-2021-30546) - High [532]
Description: Use after free in Autofill in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30546 was patched at 2024-05-15
324. Memory Corruption - Google Chrome (CVE-2021-30548) - High [532]
Description: Use after free in Loader in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30548 was patched at 2024-05-15
325. Memory Corruption - Google Chrome (CVE-2021-30550) - High [532]
Description: Use after free in Accessibility in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30550 was patched at 2024-05-15
326. Memory Corruption - Google Chrome (CVE-2021-30552) - High [532]
Description: Use after free in Extensions in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
| | 0 | 10 | EPSS data is not available |
debian: CVE-2021-30552 was patched at 2024-05-15
327. Memory Corruption - Google Chrome (CVE-2021-30553) - High [532]
Description: Use after free in Network service in
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on BDU:PublicExploit website |
| | 0.5 | 15 | Memory Corruption |
| | 0.8 | 14 | Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS. |
| | 0.9 | 10 | CVSS Base Score is 8.8 according to Vulners data source |
| | 0 | 10 |