ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux...
7.8CVSS
7.7AI Score
0.001EPSS
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static...
7.5CVSS
7.4AI Score
0.002EPSS
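The Sinatra entry above is about a containment check: the path built from public_dir plus the request path must, after expansion, still lie under public_dir. The following is an added example written for this page, not Sinatra's code, and it uses a hypothetical helper path_within_root() with an assumed PATH_BUF size. It normalises the joined path lexically (resolving "." and ".."), then tests that the root is a whole-segment prefix of the result, which is the detail a plain string-prefix comparison gets wrong ("/srv/public-old" starts with "/srv/public"). Symlinks are not resolved here, so a realpath()-based check still belongs on top of this in a real static file server.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PATH_BUF 1024   /* assumed buffer size for this example */

/* Lexically normalise root + "/" + rel (resolving "." and "..") into out and
 * report whether the result is still inside root.
 *   1  inside root (out holds the normalised absolute path)
 *   0  escapes root (out still holds the path, useful for logging)
 *  -1  buffers too small
 * root is assumed to be absolute and already normalised; symlinks are not
 * resolved, so this is a lexical check only. */
int path_within_root(const char *root, const char *rel, char *out, size_t outlen)
{
    char joined[PATH_BUF];
    const char *segs[PATH_BUF / 2];
    size_t n = 0, o = 0, rl = strlen(root);

    if (snprintf(joined, sizeof joined, "%s/%s", root, rel) >= (int)sizeof joined)
        return -1;

    /* strtok skips empty segments, so "//" is handled for free */
    for (char *tok = strtok(joined, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) { if (n) n--; continue; }
        segs[n++] = tok;
    }

    if (outlen < 2) return -1;
    out[0] = '/'; out[1] = '\0';            /* result when nothing is left */
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + o, outlen - o, "/%s", segs[i]);
        if (w < 0 || (size_t)w >= outlen - o) return -1;
        o += (size_t)w;
    }

    /* Whole-segment prefix test: after the root prefix the next byte must be
     * the end of the string or a separator, otherwise "/srv/public-old/x"
     * would pass for root "/srv/public". */
    while (rl > 1 && root[rl - 1] == '/') rl--;     /* ignore trailing slash */
    if (strncmp(out, root, rl) != 0) return 0;
    return out[rl] == '\0' || out[rl] == '/';
}
```

A request path that climbs out and back in ("css/../../public/app.css") normalises to a file under the root and is accepted, which is correct: what matters is where the final path lands, not whether ".." appeared.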
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS...
7.5CVSS
7.4AI Score
0.002EPSS
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user cou...
8.2CVSS
8.1AI Score
0.001EPSS
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on.....
8.2CVSS
8.2AI Score
0.001EPSS
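The two QXL entries above describe the same outcome from two causes: the header is read from guest memory twice (double fetch), so the size used for the allocation and the size used for the copy can differ, and the size arithmetic itself can wrap so the allocation is far smaller than the data that follows. The block below is an added illustration written for this page and is not QEMU's code: the struct names, the bpp field, MAX_CURSOR_BYTES and the fetch callback are assumptions used to model guest memory so that a test can change the header between reads. The hardened variant fetches once into a private copy, checks every multiplication, and never touches guest memory again.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a guest-writable cursor header. The
 * width/height names follow the advisory; bpp is an assumed extra field.
 * This is illustration code, not QEMU's QXL structures. */
struct cursor_header {
    uint16_t width;
    uint16_t height;
    uint8_t  bpp;      /* bits per pixel (assumed) */
};

struct cursor {
    uint16_t width, height;
    uint32_t datasize;
    uint8_t  data[];
};

#define MAX_CURSOR_BYTES (1u << 20)   /* assumed sanity cap for this example */

/* Size computed in 32-bit unsigned arithmetic with no overflow check: for
 * large width/height/bpp it wraps and yields a much too small allocation. */
uint32_t cursor_size_unchecked(uint16_t w, uint16_t h, uint8_t bpp)
{
    return (uint32_t)w * (uint32_t)h * (uint32_t)bpp / 8u;
}

/* Same computation with each multiplication checked (GCC/clang builtin).
 * Returns 0 on success, -1 on overflow, zero size, or an oversized cursor. */
int cursor_size_checked(uint16_t w, uint16_t h, uint8_t bpp, uint32_t *out)
{
    uint32_t bits;
    if (__builtin_mul_overflow((uint32_t)w, (uint32_t)h, &bits)) return -1;
    if (__builtin_mul_overflow(bits, (uint32_t)bpp, &bits)) return -1;
    *out = bits / 8u;
    if (*out == 0 || *out > MAX_CURSOR_BYTES) return -1;
    return 0;
}

/* Guest memory is modelled by a fetch callback so a test can change the
 * header between two reads, which is exactly what a malicious guest does. */
typedef void (*fetch_fn)(struct cursor_header *out, void *ctx);

/* Vulnerable shape: fetch once for the allocation size, fetch again for the
 * copy length. Returns 1 when the second value exceeds the first, i.e. when
 * a real memcpy of copy_size bytes would overrun the heap allocation. */
int cursor_alloc_double_fetch(fetch_fn fetch, void *ctx,
                              uint32_t *alloc_size, uint32_t *copy_size)
{
    struct cursor_header h;
    fetch(&h, ctx);                                         /* fetch #1 */
    *alloc_size = cursor_size_unchecked(h.width, h.height, h.bpp);
    fetch(&h, ctx);                                         /* fetch #2 */
    *copy_size = cursor_size_unchecked(h.width, h.height, h.bpp);
    return *copy_size > *alloc_size;
}

/* Hardened shape: one fetch into a private copy, checked arithmetic, and
 * every later use reads the private copy, never guest memory again. */
struct cursor *cursor_alloc_hardened(fetch_fn fetch, void *ctx)
{
    struct cursor_header h;
    uint32_t datasize;
    fetch(&h, ctx);                                         /* the only fetch */
    if (cursor_size_checked(h.width, h.height, h.bpp, &datasize) != 0)
        return NULL;
    struct cursor *c = calloc(1, sizeof(*c) + datasize);
    if (!c) return NULL;
    c->width = h.width;          /* from the private copy, not the guest */
    c->height = h.height;
    c->datasize = datasize;
    return c;
}

/* Constructed "guest" for testing: answers the first fetch with `first`
 * and every later fetch with `later`. */
struct flipping_guest {
    struct cursor_header first, later;
    int calls;
};

void flipping_fetch(struct cursor_header *out, void *ctx)
{
    struct flipping_guest *g = ctx;
    *out = g->calls++ == 0 ? g->first : g->later;
}
```

With the same flipping guest, the double-fetch version allocates for an 8x8 cursor and then wants to copy a 64x64 one, while the hardened version only ever sees the 8x8 header it copied on its single read.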
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel...
7.1CVSS
7AI Score
0.0004EPSS
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of the PCM hw_params and hw_free ioctls; a similar race condition exists inside ALSA PCM for other ioctls. This flaw allows a local user to crash the system or potentially escalate their privileges....
7CVSS
7AI Score
0.0004EPSS
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DoS) when the mkiss or sixpack device is detached and reclaims resources...
5.5CVSS
5.7AI Score
0.0004EPSS
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials...
5.3CVSS
5.8AI Score
0.004EPSS
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root...
7.8CVSS
7.5AI Score
0.001EPSS
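The mount.cifs entry above is a classic fixed-size stack buffer fed from a command-line option value whose length is never checked. The parser below is an added example for this page, not cifs-utils code; IP_BUF_LEN and the return codes are assumptions. It finds the ip= token inside a comma-separated option string, matches the key only at token start (so "xip=" is not confused with "ip="), and refuses any value that would not fit in the caller's buffer, which is the check whose absence makes the overflow possible.

```c
#include <string.h>
#include <stddef.h>

/* Assumed capacity of the destination buffer; not cifs-utils' constant. */
#define IP_BUF_LEN 64

/* Locate the ip= option inside a comma-separated mount option string such as
 * "user=bob,ip=10.0.0.5,vers=3.0" and copy its value into out.
 *   0  success, NUL-terminated value in out
 *  -1  no ip= option present (an empty "ip=" counts as absent)
 *  -2  value does not fit in out (the unsafe version would overflow here)
 * Never writes more than outlen bytes. */
int parse_ip_option(const char *opts, char *out, size_t outlen)
{
    const char *p = opts;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t toklen = end ? (size_t)(end - p) : strlen(p);
        /* match only at token start, so "xip=..." is a different key */
        if (toklen > 3 && strncmp(p, "ip=", 3) == 0) {
            size_t vlen = toklen - 3;
            if (vlen >= outlen)             /* leave room for the NUL */
                return -2;
            memcpy(out, p + 3, vlen);
            out[vlen] = '\0';
            return 0;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return -1;
}
```

A value of exactly outlen - 1 bytes is the longest accepted; IPv6 literals with a zone index ("fe80::1%eth0") pass through untouched because the function does not try to validate the address, only to bound it.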
MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function diST_box_read() to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is...
7.8CVSS
7.7AI Score
0.001EPSS
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for...
7.8CVSS
7.7AI Score
0.001EPSS
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited...
7CVSS
6.6AI Score
0.0004EPSS
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly...
7.5CVSS
7.5AI Score
0.003EPSS
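The Epiphany entry above is a byte-versus-character sizing mistake: the UTF-8 ellipsis (U+2026) occupies three bytes, and the characters being kept may be multi-byte too, so a buffer sized as "max characters plus one for the ellipsis" is too small. The code below is an added example written for this page and is not Epiphany's ephy_string_shorten; the function names are hypothetical. It walks code points rather than bytes, computes the real byte requirement, and refuses to write when the destination is too small instead of overflowing it.

```c
#include <string.h>
#include <stddef.h>

#define ELLIPSIS       "\xE2\x80\xA6"   /* U+2026, three bytes in UTF-8 */
#define ELLIPSIS_BYTES 3

/* Expected length of a UTF-8 sequence from its lead byte. */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 1;  /* stray continuation or invalid lead byte: consume one byte */
}

/* Byte length of the first max_chars code points of s. Stops at NUL or at a
 * truncated sequence, so it never reads past the terminator. chars_out
 * receives the number of code points actually counted. */
size_t utf8_prefix_bytes(const char *s, size_t max_chars, size_t *chars_out)
{
    size_t i = 0, n = 0;
    while (s[i] && n < max_chars) {
        size_t len = utf8_seq_len((unsigned char)s[i]);
        i++;
        for (size_t k = 1; k < len && ((unsigned char)s[i] & 0xC0) == 0x80; k++)
            i++;
        n++;
    }
    if (chars_out) *chars_out = n;
    return i;
}

/* Bytes (including the NUL) needed to hold s shortened to max_chars code
 * points plus an ellipsis. The original bug amounts to assuming this is
 * max_chars + 2, as if every character and the ellipsis were one byte. */
size_t shorten_needed_bytes(const char *s, size_t max_chars)
{
    size_t chars;
    size_t bytes = utf8_prefix_bytes(s, (size_t)-1, &chars);
    if (chars <= max_chars) return bytes + 1;
    return utf8_prefix_bytes(s, max_chars, NULL) + ELLIPSIS_BYTES + 1;
}

/* Shorten s to at most max_chars code points followed by an ellipsis.
 * Returns bytes written (excluding the NUL), or -1 if out is too small;
 * never writes past outlen. */
int utf8_shorten(const char *s, size_t max_chars, char *out, size_t outlen)
{
    size_t chars;
    size_t total = utf8_prefix_bytes(s, (size_t)-1, &chars);
    if (chars <= max_chars) {                 /* nothing to cut */
        if (total + 1 > outlen) return -1;
        memcpy(out, s, total + 1);
        return (int)total;
    }
    size_t prefix = utf8_prefix_bytes(s, max_chars, NULL);
    if (prefix + ELLIPSIS_BYTES + 1 > outlen) return -1;
    memcpy(out, s, prefix);
    memcpy(out + prefix, ELLIPSIS, ELLIPSIS_BYTES);
    out[prefix + ELLIPSIS_BYTES] = '\0';
    return (int)(prefix + ELLIPSIS_BYTES);
}
```

For the constructed title "héllo wörld" cut to four characters, the kept prefix is five bytes (é is two), so nine bytes are needed with the ellipsis and the terminator, whereas the byte-count-equals-character-count assumption would size the buffer at six.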
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to...
9.8CVSS
9.7AI Score
0.002EPSS
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo...
7.1CVSS
6.7AI Score
0.001EPSS
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's...
7.8CVSS
7.9AI Score
0.001EPSS
lrzip v0.640 was discovered to contain a heap memory corruption via the component...
9.8CVSS
9.6AI Score
0.001EPSS
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function...
8.8CVSS
8.7AI Score
0.003EPSS
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified...
6.5CVSS
6.5AI Score
0.004EPSS
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and...
7.5CVSS
7.2AI Score
0.029EPSS
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and...
9.1CVSS
8.8AI Score
0.007EPSS
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection....
9.8CVSS
9.7AI Score
0.008EPSS
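The func_odbc entry above is about escaping that handles the quote character but not the backslash. On backends where a backslash is an escape character inside string literals (MySQL and MariaDB in their default sql_mode), a value ending in a backslash turns the escaping's own doubled quote into an escaped quote followed by a real closing quote, and the rest of the value is parsed as SQL. The block below is an added example for this page, not Asterisk's code; the function names are hypothetical. It shows the two escaping policies side by side and a small model of how a backslash-aware backend scans a literal, so the test can demonstrate that the quote-only output closes the literal early while the full escaping keeps the whole value inside it. Parameterised queries avoid the problem entirely and are the preferred fix; escaping belongs only where that is not available.

```c
#include <string.h>
#include <stddef.h>

/* Escape a value for use inside a single-quoted SQL string literal.
 * Quotes are doubled; with escape_backslash set, backslashes are doubled
 * too, which is required for backends where \ is an escape character.
 * Returns bytes written (excluding the NUL) or -1 when out is too small. */
int sql_escape_literal(const char *in, char *out, size_t outlen, int escape_backslash)
{
    size_t o = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        size_t rlen = 1;
        if (*in == '\'')                          { rep = "''";   rlen = 2; }
        else if (*in == '\\' && escape_backslash) { rep = "\\\\"; rlen = 2; }
        if (o + rlen + 1 > outlen) return -1;    /* keep room for the NUL */
        if (rep) memcpy(out + o, rep, rlen);
        else out[o] = *in;
        o += rlen;
    }
    out[o] = '\0';
    return (int)o;
}

/* Model of how a backslash-escaping backend reads the body of a literal,
 * i.e. the bytes between the opening and the intended closing quote:
 * returns 1 if the literal closes before the body ends (everything after
 * that point would be parsed as SQL), 0 if the whole body stays inside. */
int literal_closes_early(const char *body)
{
    for (size_t i = 0; body[i]; i++) {
        if (body[i] == '\\' && body[i + 1]) { i++; continue; }  /* \x: escaped byte */
        if (body[i] == '\'') {
            if (body[i + 1] == '\'') { i++; continue; }         /* '': literal quote */
            return 1;                                           /* literal ends here */
        }
    }
    return 0;
}
```

With the constructed input `foo\' OR 1=1 --`, quote-only escaping yields `foo\'' OR 1=1 --`: the backend reads `\'` as an escaped quote, the next `'` closes the literal, and ` OR 1=1 --` becomes SQL. Escaping the backslash as well yields `foo\\'' OR 1=1 --`, where `\\` is a backslash and `''` is a quote, so the value survives intact.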
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at...
7.5CVSS
7.4AI Score
0.001EPSS
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component...
7.5CVSS
7.4AI Score
0.001EPSS
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at...
7.5CVSS
7.5AI Score
0.001EPSS
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component...
7.5CVSS
7.4AI Score
0.001EPSS
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at...
7.5CVSS
7.5AI Score
0.001EPSS
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component...
7.5CVSS
7.4AI Score
0.001EPSS
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL...
7.5CVSS
7.5AI Score
0.001EPSS
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL...
7.5CVSS
7.5AI Score
0.001EPSS
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL...
7.5CVSS
7.5AI Score
0.001EPSS
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL...
7.5CVSS
7.7AI Score
0.001EPSS
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL...
7.5CVSS
7.5AI Score
0.001EPSS
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL...
7.5CVSS
7.5AI Score
0.001EPSS
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component...
7.5CVSS
7.4AI Score
0.001EPSS
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL...
7.5CVSS
7.8AI Score
0.001EPSS
MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL...
7.5CVSS
7.7AI Score
0.001EPSS
MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL...
7.5CVSS
7.7AI Score
0.001EPSS
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed...
9.8CVSS
9.4AI Score
0.003EPSS
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option...
9.8CVSS
9.5AI Score
0.003EPSS
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended...
7.8CVSS
7.2AI Score
0.0004EPSS
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that...
8.8CVSS
8.7AI Score
0.001EPSS
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL...
7.5CVSS
7.3AI Score
0.001EPSS
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double...
7.8CVSS
7.3AI Score
0.0004EPSS
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double...
5.5CVSS
5.8AI Score
0.0004EPSS
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double...
5.5CVSS
5.8AI Score
0.0004EPSS
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or...
6.1CVSS
6AI Score
0.003EPSS
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault...
5.5CVSS
5.4AI Score
0.001EPSS