Lucene search
K
DebiancveMost viewed

59600 matches found

Debian CVE
Debian CVE
added 2023/07/24 7:38 p.m.46 views

CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...

5.5CVSS6.6AI score0.05794EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/07/20 12:22 a.m.46 views

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

7.8CVSS7.9AI score0.00316EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/07/17 12:0 a.m.46 views

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...

9.8CVSS7.2AI score0.01129EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/06/02 12:0 a.m.46 views

CVE-2023-25732

When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS8.5AI score0.00737EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/05/02 11:47 p.m.46 views

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00968EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/04/15 12:0 a.m.46 views

CVE-2021-43612

In lldpd before 1.0.13, when decoding SONMP packets in the sonmpdecode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets...

7.5CVSS7.5AI score0.01142EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/03/31 12:0 a.m.46 views

CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

9.8CVSS9.7AI score0.06341EPSS
Exploits1
Debian CVE
Debian CVE
added 2023/02/28 5:19 p.m.46 views

CVE-2022-41724

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.7AI score0.01111EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/01/30 1:17 p.m.46 views

CVE-2023-0240

There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...

7.8CVSS6.4AI score0.00269EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/01/17 7:11 p.m.46 views

CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS6.5AI score0.01879EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/30 12:0 a.m.46 views

CVE-2022-42255

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering...

7.8CVSS7.4AI score0.00268EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/26 12:0 a.m.46 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS4.6AI score0.00613EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.46 views

CVE-2022-34480

Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...

8.8CVSS9.5AI score0.00542EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.46 views

CVE-2022-40962

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

8.8CVSS9.5AI score0.01342EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/15 12:0 a.m.46 views

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...

8.8CVSS8.4AI score0.08523EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/08 7:3 p.m.46 views

CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS7.6AI score0.05623EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/11/23 12:0 a.m.46 views

CVE-2021-46854

modradius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters...

7.5CVSS7.3AI score0.01129EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.46 views

CVE-2022-42799

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...

6.1CVSS6.2AI score0.01192EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.46 views

CVE-2022-3657

Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS9.6AI score0.00347EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.46 views

CVE-2022-3652

Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00597EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/10/16 6:25 p.m.46 views

CVE-2022-3527

Removed by vendor...

7AI score
Exploits0
Debian CVE
Debian CVE
added 2022/10/12 12:0 a.m.46 views

CVE-2021-36369

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

7.5CVSS7.7AI score0.01348EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/26 3:1 p.m.46 views

CVE-2022-3049

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.6AI score0.00528EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/23 6:58 p.m.46 views

CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior...

8.8CVSS2.5AI score0.00615EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/23 6:58 p.m.46 views

CVE-2022-22624

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS3AI score0.01023EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/14 6:59 p.m.46 views

CVE-2022-1972

Removed by vendor...

7.2AI score
Exploits1
Debian CVE
Debian CVE
added 2022/09/06 5:3 p.m.46 views

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

7.5CVSS7AI score0.00948EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/05 12:0 a.m.46 views

CVE-2022-38749

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

6.5CVSS6.3AI score0.01583EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/08/31 3:32 p.m.46 views

CVE-2022-1247

An issue found in linux-kernel that leads to a race condition in roseconnect. The rose driver uses roseneigh-use to represent how many objects are using the roseneigh. When a user wants to delete a roseroute via roseioctl, the rose driver calls rosedelnode and removes neighbours only if their...

7CVSS7AI score0.00258EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/08/25 5:24 p.m.46 views

CVE-2022-2991

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and...

6.7CVSS8AI score0.00412EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/08/12 7:36 p.m.46 views

CVE-2022-2609

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS9.7AI score0.00422EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/08/12 7:36 p.m.46 views

CVE-2022-2607

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS9.7AI score0.00411EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/08/11 12:0 a.m.46 views

CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...

7.5CVSS7.2AI score0.01138EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/07/28 12:40 a.m.46 views

CVE-2022-2157

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.5AI score0.00823EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/07/26 9:32 p.m.46 views

CVE-2022-1486

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

8.8CVSS8.4AI score0.00771EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/07/25 12:0 a.m.46 views

CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

8.8CVSS8.6AI score0.0113EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/07/15 8:0 p.m.46 views

CVE-2022-25858

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure usage of regular expressions...

7.5CVSS7.6AI score0.0232EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/07/14 8:5 p.m.46 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS5AI score0.00467EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/07/01 12:0 a.m.46 views

CVE-2022-2264

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0...

7.8CVSS2.7AI score0.01224EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/06/29 11:48 p.m.46 views

CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the doi2cmd function...

9.8CVSS10AI score0.02006EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/06/16 12:0 a.m.46 views

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

7.8CVSS6.3AI score0.01327EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/06/09 12:50 p.m.46 views

CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

7.2CVSS1.2AI score0.00494EPSS
Exploits3
Debian CVE
Debian CVE
added 2022/06/06 6:1 p.m.46 views

CVE-2022-1966

Removed by vendor...

7.2AI score
Exploits5
Debian CVE
Debian CVE
added 2022/05/31 2:20 a.m.46 views

CVE-2022-1934

Use After Free in GitHub repository mruby/mruby prior to 3.2...

7.8CVSS1.4AI score0.00398EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/05/06 4:43 a.m.46 views

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.4AI score0.11264EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/05/04 10:53 p.m.46 views

CVE-2022-30292

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sqreservestack call...

10CVSS9.2AI score0.03576EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/05/04 9:35 p.m.46 views

CVE-2022-30284

Removed by vendor...

9.8CVSS9.4AI score0.04936EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/05/02 10:24 p.m.46 views

CVE-2021-42528

XMP Toolkit 2021.07 and earlier is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

7.1CVSS6.1AI score0.01824EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/05/01 3:25 p.m.46 views

CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.04658EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/04/25 12:0 a.m.46 views

CVE-2022-1441

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diSTboxread to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllable ...

7.8CVSS8.3AI score0.00935EPSS
Exploits1
Total number of security vulnerabilities5000