libX11.so is vulnerable to Out-of-bounds Read. The vulnerability is due to the function _XkbReadKeySyms allocating insufficient memory for the keysym buffer and failing to handle errors returned by _XkbReadBufferCopyKeySyms. This can lead to a potential buffer overflow and out-of-bounds memory...
6.5CVSS
7.4AI Score
0.0004EPSS
grub2 is vulnerable to Out-of-bounds Read. The vulnerability allows an attacker to read arbitrary memory locations, including sensitive data such as cached passwords and EFI variable values, by presenting a specially crafted NTFS filesystem...
5.3CVSS
6.7AI Score
0.001EPSS
libXpm is vulnerable to Out-of-bounds Read. The vulnerability is caused by a boundary condition that can be exploited to read the contents of system memory. An attacker can trigger this out-of-bounds read error, compromising confidentiality of the...
5.5CVSS
6.8AI Score
0.0004EPSS
X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused by the cursor code in both Xephyr and Xwayland using the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX...
7.8CVSS
6.7AI Score
0.0004EPSS
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. In this way, a potential attack can retrieve additional information about installed system and third-party...
6.7AI Score
Use-of-uninitialized-value in spvTextEncodeOperand
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69388 Crash type: Use-of-uninitialized-value Crash state: spvTextEncodeOperand spvTextEncodeOpcode...
7.2AI Score
.netrc parser out-of-bounds access
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....
6.5CVSS
7.7AI Score
0.002EPSS
7.8CVSS
8.2AI Score
0.001EPSS
qemu is vulnerable to Denial of Service (DoS). A wrong exit condition within qemu may lead to an infinite loop in the 'inflate_buffer' function resulting in a denial of...
6.5CVSS
6.7AI Score
0.002EPSS
libssh is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of proper validation and checking of return values in the abstract layer for message digest (MD) operations implemented by different supported crypto backends. This could lead to low-memory failures and potentially....
5.3CVSS
7AI Score
0.001EPSS
X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused by not allocating sufficient memory space for the device's particular number of logical buttons. This can lead to a heap overflow if a bigger value is used. DeviceFocusEvent and the XIQueryPointer reply of X.Org...
9.8CVSS
7.3AI Score
0.002EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit-Exploit CVE-2021-4034 ...
8.1AI Score
libxpm.so is vulnerable to Out-of-bounds Read. The vulnerability is due to a boundary condition, allowing a local user to trigger an out of bounds read error and read memory contents from the...
5.5CVSS
6.7AI Score
0.0004EPSS
jwcrypto is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing upper bound check in the p2c header value (PBES2 count) which contains the PBKDF2 iteration count used in the PBKDF2 cryptographic key derivation function. The unbounded value can be exploited by an attacker...
5.3CVSS
6.9AI Score
0.0004EPSS
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password...
6.1CVSS
6AI Score
0.002EPSS
wallabag/wallabag is vulnerable to Denial Of Service. The vulnerability exists due to the lack of a maximum size check on the name parameter, which allows an attacker to cause a denial of...
6.5CVSS
6.6AI Score
0.001EPSS
By-passing Protection of PharStreamWrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....
7.5AI Score
Denial of Service in Spring Framework
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller....
7.5CVSS
2AI Score
0.004EPSS
rexml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of XML with many < characters in an attribute value, which allows an attacker to cause Denial of...
5.3CVSS
6.2AI Score
0.0004EPSS
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here, a, b and c, until it reaches the last folder to create foo.txt. In-this....
6.5CVSS
7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K
xortigate-cve-2023-27997 Exploit for xortigate...
9.8CVSS
10AI Score
0.147EPSS
Exploit for Incorrect Implementation of Authentication Algorithm in Microsoft
🛑 Microsoft SharePoint: CVE-2023-29357 🛑 **Microsoft...
9.8CVSS
9.9AI Score
0.803EPSS
China Suspected in Major Cyberattack on UK’s Ministry of Defence (MoD)
By Waqas UK Ministry of Defence (MoD) faces potential Chinese cyberattack. Learn more about the details of the alleged attack, China's role in cyberspace, potential consequences, and the importance of international cooperation in cybersecurity. This is a post from HackRead.com Read the original...
7.3AI Score
Exploit for Out-of-bounds Write in Linux Linux Kernel
Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....
7.8CVSS
8.1AI Score
0.002EPSS
RHEL 8 : nodejs-kind-of (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes ...
8.6AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196,....
8.8CVSS
7.4AI Score
0.038EPSS
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....
8.8CVSS
7.4AI Score
0.038EPSS
A vulnerability was found in FreeIPA in the way a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....
8.1CVSS
0.0004EPSS
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....
8.8CVSS
7.4AI Score
0.038EPSS
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here, a, b and c, until it reaches the last folder to create foo.txt. In-this....
6.5CVSS
6.5AI Score
0.0004EPSS
MsQuic Remote Denial of Service Vulnerability
Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...
7.5CVSS
6.7AI Score
0.001EPSS
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....
8.8CVSS
7.4AI Score
0.038EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
Technical Summary of the Attack: CVE-2023-46604 The script exploits...
10CVSS
6.9AI Score
0.931EPSS
Exploit for Improper Handling of Exceptional Conditions in Google Android
CVE-2021-0928, writeToParcel/createFromParcel serialization...
8.2AI Score
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache...
9.8CVSS
8.6AI Score
0.971EPSS
Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K
Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...
9.8CVSS
10AI Score
0.147EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
nftables oob read/write exploit (CVE-2023-35001) Exploit...
7.8CVSS
6.8AI Score
0.0005EPSS
A vulnerability was found in FreeIPA in the way a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....
8.1CVSS
7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Checks whether...
9.8CVSS
9.6AI Score
0.018EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 version usable on CentOS 8...
7.8CVSS
8.6AI Score
0.0005EPSS
Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform
CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...
8.9CVSS
8.9AI Score
0.121EPSS
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass Script to check...
9.8CVSS
9.2AI Score
0.971EPSS
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...
6.8CVSS
6.5AI Score
0.001EPSS
Improper use of metav1.Duration allows for Denial of Service
Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...
5CVSS
1.6AI Score
0.001EPSS
phpseclib/phpseclib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime(). It allows an attacker to trigger excessive CPU consumption during the isPrime primality...
6.9AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Dubbo
For a more comprehensive Dubbo vulnerability scanning tool, see my other project: https://github.com/YYHYlh/Dubbo-Scan...
9.8CVSS
9.3AI Score
0.015EPSS
air-insignes.fr Cross Site Scripting vulnerability OBB-3861029
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score