Index-out-of-bounds in LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51965 Crash type: Index-out-of-bounds Crash state: LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab LibRaw::ahd_interpolate...
-0.1AI Score
In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS
8.8AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
POC for CVE-2021-44228 This python script was created while...
10CVSS
10AI Score
0.975EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Northwave Log4j CVE-2021-44228 checker Friday 10 December...
9.1AI Score
9.8CVSS
8.2AI Score
0.003EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗ ██╔══██...
8AI Score
xwayland is vulnerable to an out-of-bounds memory access flaw. The vulnerability is due to improper handling of devices reattachment scenarios, specifically when a device frozen by a sync grab is reattached to a different master...
7.8CVSS
6.6AI Score
0.0004EPSS
K12201527: Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....
7.1AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...
7.8CVSS
8.5AI Score
0.0005EPSS
Denial of service of Minder Server with attacker-controlled REST endpoint
The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....
5.3CVSS
6.8AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4NoShell A Java Agent that disables Apache Log4J's JNDI...
8.6AI Score
libtiff.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to the TIFFRasterScanlineSize64 function returning excessively small or large sizes for certain TIFF inputs. This flaw allows a remote attacker to cause a Denial Of Service (DoS) via a crafted input with a size smaller...
7.5CVSS
6.8AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228_scanner Applications that are vulnerable to...
10CVSS
10AI Score
0.975EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4NoShell A Java Agent that disables Apache Log4J's JNDI...
8.6AI Score
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...
7.5CVSS
6.7AI Score
0.002EPSS
github.com/sajari/docconv is vulnerable to Denial Of Service (DOS). The vulnerability exists in multiple functions because manipulation with an unknown input leads to a memory allocation when reading files from a ZIP...
6.5CVSS
6.8AI Score
0.002EPSS
com.github.seancfoley: ipaddress is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing checks for a radix value of 2 or greater when the radix value is passed as an argument to the IPAddressBitsDivision constructor. The IPAddressBitsDivision constructor internally calls the....
5.5CVSS
6.8AI Score
0.0004EPSS
Drupal is vulnerable to Denial of Service (DoS). The vulnerability is caused due to improper handling of structural elements, which can result in Denial of...
7.5CVSS
6.8AI Score
0.001EPSS
Craft CMS is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation within the Feed-Me Name and Feed-Me URL fields while saving a feed using an Asset element type with no volume selected. This issue can be exploited by an attacker to perform a...
7.5CVSS
6.7AI Score
0.001EPSS
Exploit for Download of Code Without Integrity Check in Fortinet Fortios
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...
7.8CVSS
7.4AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Nmap Log4Shell NSE script for discovery Apache Log4j RCE...
9.2AI Score
libopencv_contrib.so is vulnerable to Denial of Service (DoS). A null pointer dereference in the wechat_qrcode module allows a remote attacker to crash affected applications by sending a specially crafted QR code. The vulnerability exists in DecodedBitStreamParser::decodeByteSegment function of...
7.5CVSS
7AI Score
0.002EPSS
Exploit for Exposure of Resource to Wrong Sphere in Microsoft
Blank Space Blank Space is a refactoring of James Forshaw's...
8.6AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4NoShell A Java Agent that disables Apache Log4J's JNDI...
8.6AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4NoShell A Java Agent that disables Apache Log4J's JNDI...
8.6AI Score
Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware
easy-exploits The current repository contains exploits of...
7AI Score
Exposure Of Sensitive Information
github.com/openshift/cluster-monitoring-operator is vulnerable to Exposure of Sensitive Information. The vulnerability is due to an annotation in the telemeter-client pod in the openshift-monitoring namespace that contains the cluster's pull secret, which can be accessed by users with sufficient...
7.7CVSS
6.9AI Score
0.0004EPSS
Bouncy Castle is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of F2m parameters, allowing an attacker to craft a certificate that causes high CPU usage during the evaluation of the curve...
6.2AI Score
EPSS
Use-of-uninitialized-value in aesEncryptBlock
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67066 Crash type: Use-of-uninitialized-value Crash state: aesEncryptBlock EncryptStream::lookChar...
7.2AI Score
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...
7.5CVSS
6.7AI Score
0.002EPSS
Unrestricted Upload Of File With Dangerous Type
typo3/cms-core is vulnerable toUnrestricted Upload of File with Dangerous Type. The vulnerability is due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] allowing attackers to upload files like *.phar, *.shtml, *.pl, or *.cgi, which can be executed in certain web.....
7.1AI Score
org.mvel: mvel2 is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ParseTools.subCompileExpression method which times or executes for an indefinite time when parsing a crafted MVFLEX Expression (MVEL). A malicious user can craft an MVEL expression and pass to the...
5.3CVSS
6.7AI Score
0.001EPSS
Libopencv_contrib.so is vulnerable to Denial of Service (DoS). This vulnerability exists due to a lack of proper buffer cleanup during an error in the DecodedBitStreamParser function of decoded_bit_stream_parser.cpp', which allows an attacker to cause an application crash when scanning a QR...
7.5CVSS
7.1AI Score
0.002EPSS
mindspore is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash due to a memory corruption due to the function JsonHelper::UpdateArray in the file...
6.5CVSS
7AI Score
0.002EPSS
github.com/etcd-io/etcd is vulnerable to Denial of Service (DoS) attacks.. The vulnerability exists because the PageWriter.write function does not properly handle large requests, which an attacker to exploit this vulnerability by sending a specially crafted request that is larger than the expected....
7.5CVSS
6.6AI Score
0.001EPSS
Deserialization Of Untrusted Data
Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...
8.8CVSS
7AI Score
0.003EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
5.5CVSS
6.3AI Score
0.0004EPSS
Exploit for Cleartext Storage of Sensitive Information in Keepass
CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at...
5.5CVSS
6.2AI Score
0.001EPSS
gnutls is vulnerable to Denial of Service(DoS). The vulnerability is due to excessive resource consumption caused by the "certtool --verify-chain" command when verifying a specially crafted .pem bundle, leading to an application...
5CVSS
7.1AI Score
0.0004EPSS
Impact of TunnelVision Vulnerability
The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...
7.6CVSS
6.3AI Score
0.0005EPSS
Task hijacking of apps that set allowTaskReparenting="true"
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Talkback reads notifications of non-current Android user
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
7.8CVSS
7.2AI Score
0.0004EPSS
[Out of Bounds Read in WT_VoiceGain in eas_wtengine.c]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
7.2AI Score
0.0004EPSS
Local persistent denial of service when setting PackageManager.GET_SIGNATURES
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
Can access comments and attachments of deleted cards
Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...
4.3CVSS
6.6AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Gnu Glibc
CVE-2023-4911 - Looney Tunables This is a (atm very rough)...
7.8CVSS
8.4AI Score
0.014EPSS
Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...
7.5CVSS
8AI Score
0.0004EPSS