url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack...
CVSS 7.5, AI Score 7.2, EPSS 0.004
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at...
CVSS 7.5, AI Score 7.2, EPSS 0.005
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in...
CVSS 5.5, AI Score 5.4, EPSS 0.001
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and...
CVSS 5.5, AI Score 5.3, EPSS 0.001
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in...
CVSS 5.5, AI Score 5.7, EPSS 0.001
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp...
CVSS 8.1, AI Score 8.2, EPSS 0.003
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress...
CVSS 9.8, AI Score 9.6, EPSS 0.01
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the.....
CVSS 7.5, AI Score 7.2, EPSS 0.006
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may...
CVSS 2.4, AI Score 5.1, EPSS 0.001
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified...
CVSS 7.5, AI Score 7, EPSS 0.035
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses...
CVSS 9.8, AI Score 9.2, EPSS 0.007
An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2....
CVSS 5.5, AI Score 5.1, EPSS 0.0004
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON...
CVSS 7.5, AI Score 6.7, EPSS 0.019
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted...
CVSS 5.5, AI Score 6.7, EPSS 0.006
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process...
CVSS 5.5, AI Score 6.5, EPSS 0.0005
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service...
CVSS 7.5, AI Score 7.5, EPSS 0.582
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,.....
CVSS 6.5, AI Score 5.9, EPSS 0.0005
CVSS 9.8, AI Score 9.3, EPSS 0.002
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this...
CVSS 7.5, AI Score 6.9, EPSS 0.001
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service,....
CVSS 7.5, AI Score 7.4, EPSS 0.01
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in...
CVSS 7.5, AI Score 7.2, EPSS 0.012
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket...
CVSS 7.5, AI Score 7.6, EPSS 0.017
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in...
CVSS 8.8, AI Score 8.7, EPSS 0.004
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a...
CVSS 8.8, AI Score 8.7, EPSS 0.283
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater...
CVSS 7.5, AI Score 8.1, EPSS 0.002
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer...
CVSS 9.8, AI Score 9.2, EPSS 0.004
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message.....
CVSS 5.5, AI Score 5.5, EPSS 0.0004
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit...
CVSS 7.8, AI Score 8.5, EPSS 0.006
CVSS 7.8, AI Score 8.5, EPSS 0.004
CVSS 7.8, AI Score 8.7, EPSS 0.001
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project...
CVSS 6.5, AI Score 6.3, EPSS 0.001
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute...
CVSS 8.8, AI Score 8.9, EPSS 0.001
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta...
CVSS 8.8, AI Score 6.3, EPSS 0.001
In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource...
CVSS 6.5, AI Score 6.3, EPSS 0.001
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image...
CVSS 5.5, AI Score 5.8, EPSS 0.015
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image...
CVSS 5.5, AI Score 5.8, EPSS 0.009
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer...
CVSS 9.8, AI Score 9.5, EPSS 0.409
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as....
AI Score 6.1, EPSS 0.129
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping...
CVSS 7.5, AI Score 7.2, EPSS 0.017
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service...
CVSS 7.5, AI Score 7, EPSS 0.041
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified...
CVSS 7.5, AI Score 7.1, EPSS 0.02
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as...
CVSS 7.8, AI Score 7.9, EPSS 0.0004
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object...
CVSS 5.5, AI Score 5.3, EPSS 0.006
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit...
CVSS 6.5, AI Score 6.9, EPSS 0.003
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary...
CVSS 7, AI Score 6.9, EPSS 0.0004
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel...
CVSS 5.6, AI Score 6, EPSS 0.001
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of...
CVSS 6.3, AI Score 5.6, EPSS 0.002
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are.....
CVSS 6.7, AI Score 7.2, EPSS 0.001
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting.....
CVSS 7.5, AI Score 7.2, EPSS 0.013
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client...
CVSS 9.1, AI Score 8.7, EPSS 0.046