Leap Security Vulnerabilities
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka...
4.3CVSS
5.4AI Score
0.001EPSS
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's...
9.8CVSS
9.2AI Score
0.002EPSS
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response...
5.9CVSS
5.4AI Score
0.002EPSS
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an...
9.8CVSS
9.1AI Score
0.666EPSS
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong...
7.5CVSS
7.1AI Score
0.006EPSS
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling...
9.8CVSS
9AI Score
0.007EPSS
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is...
9.8CVSS
9.1AI Score
0.007EPSS
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the...
9.8CVSS
9.1AI Score
0.007EPSS
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may...
7.5CVSS
8.2AI Score
0.004EPSS
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...
5.9CVSS
6.5AI Score
0.009EPSS
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and...
4.2CVSS
5AI Score
0.0005EPSS
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in...
7.5CVSS
7.3AI Score
0.008EPSS
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket...
7.5CVSS
7.5AI Score
0.017EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer...
7.5CVSS
7.3AI Score
0.014EPSS
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater...
7.5CVSS
7.2AI Score
0.002EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer...
6.5CVSS
6.6AI Score
0.009EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in...
7.5CVSS
7.2AI Score
0.013EPSS
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.6AI Score
0.001EPSS
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH...
5.9CVSS
5.4AI Score
0.004EPSS
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and...
7.8CVSS
7.6AI Score
0.001EPSS
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the...
7.8CVSS
7.3AI Score
0.001EPSS
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails....
7.5CVSS
7.1AI Score
0.005EPSS
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line...
5.5CVSS
4.9AI Score
0.001EPSS
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to....
4.4CVSS
4.4AI Score
0.0004EPSS
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk...
7.5CVSS
8AI Score
0.002EPSS
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction...
8.6CVSS
8.7AI Score
0.003EPSS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer...
8.2CVSS
8.6AI Score
0.003EPSS
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write...
6CVSS
5.7AI Score
0.0004EPSS
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path...
7.4CVSS
7.2AI Score
0.059EPSS
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network...
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka...
5.5CVSS
5.8AI Score
0.0004EPSS
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to...
2.5CVSS
4.8AI Score
0.0005EPSS
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka...
5.5CVSS
5.3AI Score
0.001EPSS
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS...
3.2CVSS
4.8AI Score
0.0005EPSS
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write()...
3.9CVSS
5AI Score
0.0005EPSS
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or...
5.3CVSS
6.5AI Score
0.0005EPSS
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname...
5.9CVSS
5.5AI Score
0.003EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized...
5.5CVSS
5.8AI Score
0.0005EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in...
7.1CVSS
6.4AI Score
0.002EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in...
8.3CVSS
8AI Score
0.002EPSS
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary...
8.1CVSS
7.8AI Score
0.008EPSS
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free...
8.2CVSS
8.2AI Score
0.003EPSS
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from...
9.1CVSS
6.8AI Score
0.002EPSS
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF...
7.5CVSS
7.7AI Score
0.002EPSS
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...
7CVSS
7.5AI Score
0.922EPSS
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by...
8.8CVSS
8.5AI Score
0.003EPSS
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a...
7.5CVSS
7.2AI Score
0.004EPSS
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted...
7.5CVSS
7.3AI Score
0.011EPSS
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream...
7.5CVSS
7.4AI Score
0.02EPSS
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC...
7.5CVSS
7.4AI Score
0.006EPSS