An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust...
7.5CVSS
7.2AI Score
0.019EPSS
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary...
7.5CVSS
7.3AI Score
0.019EPSS
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents...
6.3CVSS
5.8AI Score
0.0004EPSS
Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which...
7.8CVSS
7.2AI Score
0.002EPSS
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an...
8.1AI Score
0.075EPSS
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to ...
6.5CVSS
6.9AI Score
0.006EPSS
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a ...
6.5CVSS
6.9AI Score
0.004EPSS
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine.....
6AI Score
0.0004EPSS
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more....
7.7AI Score
0.0004EPSS
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method...
5.8AI Score
0.0004EPSS
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file...
5.8AI Score
0.0004EPSS
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete...
5.8AI Score
0.0004EPSS
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted...
6.6CVSS
7.2AI Score
0.002EPSS
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a....
6.3CVSS
5.2AI Score
0.002EPSS
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and...
5.5CVSS
5.2AI Score
0.001EPSS
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in...
5.5CVSS
5.2AI Score
0.001EPSS
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname...
5.9CVSS
5.4AI Score
0.003EPSS
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are...
7.8CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be...
5.3CVSS
6.7AI Score
0.002EPSS
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com...
9.1CVSS
8.9AI Score
0.002EPSS
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return...
5.3CVSS
6.8AI Score
0.002EPSS
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary...
8.8CVSS
8.9AI Score
0.008EPSS
7.8CVSS
7.6AI Score
0.001EPSS
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in...
7.4CVSS
6.9AI Score
0.004EPSS
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object...
5.5CVSS
5.3AI Score
0.006EPSS
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to...
7.8CVSS
7.3AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.005EPSS
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on...
6.5AI Score
0.0004EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory...
7.8CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of...
5.5CVSS
6AI Score
0.001EPSS
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink....
7.8CVSS
7.2AI Score
0.0004EPSS
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks.....
7.8CVSS
7.2AI Score
0.001EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of...
5.5CVSS
6AI Score
0.001EPSS
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified...
7.5CVSS
7AI Score
0.019EPSS
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo...
7.8CVSS
8.1AI Score
0.006EPSS
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length...
9.8CVSS
9.4AI Score
0.021EPSS
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command...
7.8CVSS
8.7AI Score
0.0004EPSS
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command...
9.8CVSS
9.5AI Score
0.014EPSS
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp...
8.8CVSS
8.5AI Score
0.003EPSS
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp...
8.8CVSS
8.5AI Score
0.003EPSS
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in...
5.5CVSS
5.7AI Score
0.001EPSS
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp...
8.1CVSS
8.2AI Score
0.003EPSS
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in...
5.5CVSS
5.3AI Score
0.001EPSS
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca...
8.8CVSS
8.4AI Score
0.003EPSS
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged.....
8.8CVSS
8.8AI Score
0.008EPSS
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU...
5.5CVSS
5.4AI Score
0.001EPSS
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the.....
7.5CVSS
7.2AI Score
0.006EPSS
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp...
8.1CVSS
8.2AI Score
0.003EPSS