TCPDF vulnerable to Regular Expression Denial of Service
TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted...
5.8AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
Resumen Técnico del Ataque: CVE-2023-46604 El script explota...
10CVSS
6.9AI Score
0.964EPSS
PyMongo Out-of-bounds Read in the bson module
Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...
8.1CVSS
4.7AI Score
0.001EPSS
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for.....
6.5CVSS
7.3AI Score
0.0004EPSS
[Out of Bounds Read in convertSubgraphFromHAL in ShimConverter.cpp in libneuralnetworks_shim_static]
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
TCPDF vulnerable to Regular Expression Denial of Service
TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted...
5.9AI Score
0.0004EPSS
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Chequea si...
9.8CVSS
9.6AI Score
0.018EPSS
vyper performs multiple eval of `sqrt()` argument built in
Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult (but not impossible!) to trigger as of 0.3.4, when the unique symbol fence was introduced (https://github.com/vyperlang/vyper/pull/2914). A contract...
5.3CVSS
5.4AI Score
0.0004EPSS
Denial of service of Minder Server from maliciously crafted GitHub attestations in...
5.3CVSS
5.2AI Score
0.0004EPSS
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Improper Neutralization of HTTP Headers in...
4.3CVSS
6.8AI Score
0.0004EPSS
Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
Enumeration of users in HashiCorp Vault in...
5.3CVSS
6.7AI Score
0.001EPSS
Permanent denial of service via JobScheduler#schedule with invalid JobInfo.extras
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
[Out of Bounds Write in ConvertRGBToPlanarYUV in C2InterfaceHelper.cpp in libsfplugin_ccodec_utils]
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Out of Bounds Read in setOperandValue in ShimPreparedModel.cpp in libneuralnetworks_cl]
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Permanent denial of service via ShortcutManager#addDynamicShortcuts with invalid Intent.mFlags
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
[Crafted AVRCP Response Causes Out-of-bounds Read in Bluetooth]
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in...
7CVSS
6.8AI Score
0.0004EPSS
Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a...
7.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
7.9AI Score
0.005EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Wpallimport Wp All Import
WordPress Plugin WP All Import <= 3.6.7 - Thực thi mã từ xa...
7.2CVSS
7.1AI Score
0.015EPSS
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a...
5.9CVSS
3.7AI Score
0.005EPSS
Denial of service in HashiCorp Consul in github.com/hashicorp/consul
Denial of service in HashiCorp Consul in...
7.5CVSS
6.6AI Score
0.002EPSS
[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Out of Bounds Read in register_notification_rsp in btif_rc.cc in libbtif]
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
gqlparser denial of service vulnerability via the parserDirectives function
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...
6.8AI Score
0.0004EPSS
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Use of Insufficiently Random Values in...
6.5CVSS
6.8AI Score
0.0004EPSS
Improper Validation of Array Index in github.com/greenpau/caddy-security
Improper Validation of Array Index in...
5.3CVSS
6.8AI Score
0.0004EPSS
Improper Validation of Array Index in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead...
5.3CVSS
7.1AI Score
0.0004EPSS
In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Bypass patch of 209446496: Secondary user could disable secure nfc
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User.....
7.8CVSS
6.8AI Score
0.0004EPSS
[Out of Bounds Write in phNciNfc_MfCreateXchgDataHdr in phNxpExtns_MifareStd.cpp in libnfc_nci_jni]
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
Snakeyaml vulnerable to Stack overflow leading to denial of service
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
6.5CVSS
5.1AI Score
0.006EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
5.5CVSS
6.6AI Score
0.0004EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
Build Numbers and Versions of Veeam Recovery Orchestrator
This KB article lists all versions of Veeam Recovery Orchestrator and their respective build...
6.9AI Score
Out-of-bounds write in ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....
8.8CVSS
6AI Score
0.038EPSS
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,....
8.8CVSS
6AI Score
0.038EPSS
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a...
5.9CVSS
6AI Score
0.005EPSS
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
7.2AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...
8.3CVSS
7.7AI Score
0.002EPSS
Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...
4.7CVSS
6.7AI Score
0.0004EPSS
CVE-2024-33000 Missing Authorization check in SAP Bank Account Management
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...
3.5CVSS
4.7AI Score
0.0004EPSS
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
7.2AI Score
0.0004EPSS
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in due to the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties which allows an attacker to send malformed JWT JSON in the LoginPacket...
6.8AI Score
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost fails to check whether the "Allow users to view archived channels" setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the "Allow users to view archived channels" setting is...
4.3CVSS
4.6AI Score
0.0004EPSS
8.2AI Score
github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to the engines lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large...
5.3CVSS
7.2AI Score
0.0004EPSS