[Out of Bounds Read in convertSubgraphFromHAL in ShimConverter.cpp in libneuralnetworks_shim_static]
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
ID4me feature of OpenID connect app available even when disabled
Description Impact Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. Patches It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0...
6.3CVSS
6.5AI Score
0.0004EPSS
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
7.2AI Score
0.0004EPSS
OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different...
6.8AI Score
0.007EPSS
[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Out of Bounds Read in register_notification_rsp in btif_rc.cc in libbtif]
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
9.8CVSS
7.6AI Score
EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4shell-finder - Fastest file system scanner for log4j...
8AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jShell_1.x Log4j RCE 1.x Poc Attack...
1.7AI Score
[Out of Bounds Write in ConvertRGBToPlanarYUV in C2InterfaceHelper.cpp in libsfplugin_ccodec_utils]
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Out of Bounds Read in setOperandValue in ShimPreparedModel.cpp in libneuralnetworks_cl]
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Permanent denial of service via JobScheduler#schedule with invalid JobInfo.extras
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
Permanent denial of service via ShortcutManager#addDynamicShortcuts with invalid Intent.mFlags
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
[Crafted AVRCP Response Causes Out-of-bounds Read in Bluetooth]
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Users can delete old versions of read-only shared files
Description Impact A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server is...
3.5CVSS
6.5AI Score
0.0004EPSS
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
7.2AI Score
[Out of Bounds Read in AnalyzeMfcResp in NxpMfcReader.cc in nfc_nci_nxp]
In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
[Out of Bounds Read in deserialize in ExecutionBurstServer.cpp in libneuralnetworks_common_defaults]
In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
Denial of service of Minder Server with attacker-controlled REST endpoint in...
5.3CVSS
6.5AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-21882 Win32k Elevation Of Privileges...
7.8CVSS
8.2AI Score
0.001EPSS
sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse() method resulting in a...
7.5CVSS
6.9AI Score
0.0004EPSS
Denial Of Service (DoS) Through Infinite Loop
libX11.so is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of....
5.5CVSS
6.7AI Score
0.0004EPSS
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
7.2AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j2-scan is a single binary...
10CVSS
9.6AI Score
0.975EPSS
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
8.8CVSS
9.2AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4shell-finder - Fastest file system scanner for log4j...
8AI Score
Aimeos denial of service vulnerability in SaaS and marketplace setups
Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...
5.5CVSS
7AI Score
0.0004EPSS
Aimeos denial of service vulnerability in SaaS and marketplace setups
Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...
5.5CVSS
7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
7.8CVSS
8.5AI Score
0.0005EPSS
moby docker daemon crash during image pull of malicious image
Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....
6.5CVSS
6.6AI Score
0.006EPSS
moby docker daemon crash during image pull of malicious image
Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....
6.5CVSS
6.6AI Score
0.006EPSS
CVE-2022-28219 POC for CVE-2022-28219 affecting ManageEngine...
9.8CVSS
-0.4AI Score
0.975EPSS
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access
The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this...
7AI Score
0.58EPSS
pdns-recursor is vulnerable to a Denial of Service(DoS). The vulnerability is due to the Recursor's improper handling of crafted responses received from upstream servers during recursive forwarding, allows attackers to trigger a Denial of...
7.5CVSS
7.4AI Score
0.0004EPSS
github.com/vitessio/vitess is vulnerable to Denial Of Service (DoS). The vulnerability is caused by an endless loop triggered by a specific query in the vtgate component. This loop leads to continuous memory consumption, eventually resulting in Denial of Service...
4.9CVSS
6.7AI Score
0.0004EPSS
Cisco Unified IP Conference Station 7937G - Denial-of-Service
Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned.....
7.5CVSS
7.5AI Score
0.073EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
8.8CVSS
8AI Score
0.001EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
9.2AI Score
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...
7AI Score
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerabilit...
5.3CVSS
6.9AI Score
0.001EPSS
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size...
7.5CVSS
7.6AI Score
0.043EPSS
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...
8.2AI Score
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...
8.2AI Score
6.4AI Score
0.0004EPSS