fedora · threatengine.sh

CVE-2026-35094

all versions

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dang

3.3LOW

CVE-2026-35093

all versions

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user confi

8.8HIGH

CVE-2023-4134

all versions

A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup r

5.5MEDIUM

CVE-2024-3056

all versions

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to shar

7.7HIGH

CVE-2024-6293

all versions

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-6292

all versions

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-6291

all versions

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corru

8.8HIGH

CVE-2024-6290

all versions

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-38277

all versions

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeabl

5.4MEDIUM

CVE-2024-38276

all versions

Incorrect CSRF token checks resulted in multiple CSRF risks.

8.8HIGH

CVE-2024-38274

all versions

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

6.1MEDIUM

CVE-2024-38273

all versions

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permiss

5.4MEDIUM

CVE-2024-5847

all versions

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-5846

all versions

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-5845

all versions

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-5844

all versions

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds me

8.8HIGH

CVE-2024-5843

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security

6.5MEDIUM

CVE-2024-5842

all versions

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in s

8.8HIGH

CVE-2024-5841

all versions

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via

8.8HIGH

CVE-2024-5840

all versions

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via

6.5MEDIUM

CVE-2024-5839

all versions

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially

6.5MEDIUM

CVE-2024-5838

all versions

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via

8.8HIGH

CVE-2024-5837

all versions

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory

8.8HIGH

CVE-2024-5836

all versions

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to insta

8.8HIGH

CVE-2024-5835

all versions

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engag

8.8HIGH

CVE-2024-5834

all versions

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code v

8.8HIGH

CVE-2024-5833

all versions

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory

8.8HIGH

CVE-2024-5832

all versions

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption vi

8.8HIGH

CVE-2024-5831

all versions

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption vi

8.8HIGH

CVE-2024-5830

all versions

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write vi

8.8HIGH

CVE-2024-4577

all versions

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the sy

9.8CRITICAL

CVE-2024-2408

all versions

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable

5.9MEDIUM

CVE-2024-5585

all versions

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the com

7.7HIGH

CVE-2024-5458

all versions

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such

5.3MEDIUM

CVE-2024-5499

all versions

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code in

8.8HIGH

CVE-2024-5498

all versions

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap

8.8HIGH

CVE-2024-5497

all versions

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user

8.8HIGH

CVE-2024-5496

all versions

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code insid

8.8HIGH

CVE-2024-5495

all versions

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-5494

all versions

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-5493

all versions

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corr

8.8HIGH

CVE-2024-35200

all versions

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc

5.3MEDIUM

CVE-2024-34161

all versions

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transm

5.3MEDIUM

CVE-2024-32760

all versions

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX

6.5MEDIUM

CVE-2024-31079

all versions

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker proc

4.8MEDIUM

CVE-2024-5274

all versions

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox

9.6CRITICAL

CVE-2024-5160

all versions

Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory

8.8HIGH

CVE-2024-5159

all versions

Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory

8.8HIGH

CVE-2024-5158

all versions

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write

8.1HIGH

CVE-2024-5157

all versions

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a

8.8HIGH

CVE-2024-35949

all versions

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks

7.8HIGH

CVE-2024-35947

all versions

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from

5.5MEDIUM

CVE-2024-36048

all versions

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x th

9.8CRITICAL

CVE-2024-31142

all versions

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be us

7.5HIGH

CVE-2023-46842

all versions

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set

6.5MEDIUM

CVE-2024-4950

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user t

6.5MEDIUM

CVE-2024-4949

all versions

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via

6.5MEDIUM

CVE-2024-4948

all versions

Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption vi

6.5MEDIUM

CVE-2024-4947

all versions

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox

9.6CRITICAL

CVE-2024-3044

all versions

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document wh

6.5MEDIUM

CVE-2024-32465

all versions

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it f

7.3HIGH

CVE-2024-32021

all versions

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a loc

3.9LOW

CVE-2024-32020

all versions

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may e

3.9LOW

CVE-2024-32004

all versions

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can pr

8.1HIGH

CVE-2024-4761

all versions

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory wr

8.8HIGH

CVE-2024-4855

all versions

Use after free issue in editcap could cause denial of service via crafted capture file

3.6LOW

CVE-2024-4854

all versions

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of se

6.4MEDIUM

CVE-2024-4853

all versions

Memory handling issue in editcap could cause denial of service via crafted capture file

3.6LOW

CVE-2024-4671

all versions

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer proc

9.6CRITICAL

CVE-2024-34340

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_has

9.1CRITICAL

CVE-2024-31460

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `auto

6.5MEDIUM

CVE-2024-31459

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue

8.0HIGH

CVE-2024-31458

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form

4.6MEDIUM

CVE-2024-31445

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in

8.8HIGH

CVE-2024-31444

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `auto

4.6MEDIUM

CVE-2024-31443

all versions

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save()

5.7MEDIUM

CVE-2024-29894

all versions

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cros

5.4MEDIUM

CVE-2024-27834

all versions

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadO

5.5MEDIUM

CVE-2024-27401

all versions

In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when

7.1HIGH

CVE-2024-27400

all versions

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()

5.5MEDIUM

CVE-2024-27399

all versions

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout T

5.5MEDIUM

CVE-2024-27398

all versions

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

7.8HIGH

CVE-2024-25641

all versions

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerab

9.1CRITICAL

CVE-2024-4559

all versions

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap co

6.5MEDIUM

CVE-2024-4558

all versions

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption

9.6CRITICAL

CVE-2024-34397

all versions

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to

5.2MEDIUM

CVE-2024-34069

all versions

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to e

7.5HIGH

CVE-2024-34064

all versions

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute

5.4MEDIUM

CVE-2024-34507

all versions

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.

7.4HIGH

CVE-2024-34506

all versions

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x befo

7.5HIGH

CVE-2024-34502

all versions

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Spec

9.8CRITICAL

CVE-2024-34500

all versions

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41

6.1MEDIUM

CVE-2024-34403

all versions

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string

5.9MEDIUM

CVE-2024-34402

all versions

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or valu

8.6HIGH

CVE-2024-4140

all versions

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing

7.5HIGH

CVE-2024-4216

all versions

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers

7.4HIGH

CVE-2024-4215

all versions

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowl

7.4HIGH

CVE-2023-47212

all versions

A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg fi

9.8CRITICAL

CVE-2024-4368

all versions

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-4331

all versions

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit hea

8.8HIGH

CVE-2024-4060

all versions

Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption vi

6.5MEDIUM

CVE-2024-4059

all versions

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a craft

6.5MEDIUM

CVE-2024-4058

all versions

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-27021

all versions

In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding de

7.8HIGH

CVE-2024-27019

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_ty

4.7MEDIUM

CVE-2024-27018

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promis

7.8HIGH

CVE-2024-27017

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink

5.5MEDIUM

CVE-2024-27016

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is

5.5MEDIUM

CVE-2024-27015

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic re

5.5MEDIUM

CVE-2024-27014

all versions

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabl

5.5MEDIUM

CVE-2024-27013

all versions

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun

5.5MEDIUM

CVE-2024-27012

all versions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fa

5.5MEDIUM

CVE-2024-27008

all versions

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dc

7.8HIGH

CVE-2024-27004

all versions

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused

5.5MEDIUM

CVE-2024-27001

all versions

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk8

5.5MEDIUM

CVE-2024-27000

all versions

In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state Th

7.8HIGH

CVE-2024-26994

all versions

In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is

5.5MEDIUM

CVE-2024-26988

all versions

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflo

7.8HIGH

CVE-2024-26987

all versions

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap

5.5MEDIUM

CVE-2024-26986

all versions

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix me

5.5MEDIUM

CVE-2024-1874

all versions

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, du

9.4CRITICAL

CVE-2024-25569

all versions

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23.

6.5MEDIUM

CVE-2024-22391

all versions

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.

7.7HIGH

CVE-2024-22373

all versions

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassro

8.1HIGH

CVE-2024-32662

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to ou

7.5HIGH

CVE-2024-32661

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a

7.5HIGH

CVE-2024-32660

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP

7.5HIGH

CVE-2024-32659

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to ou

9.8CRITICAL

CVE-2024-32658

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to ou

9.8CRITICAL

CVE-2024-31208

all versions

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances bef

6.5MEDIUM

CVE-2024-26922

all versions

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations

5.5MEDIUM

CVE-2024-32460

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using /bpp:32 legacy GDI drawing

8.1HIGH

CVE-2024-32459

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP p

9.8CRITICAL

CVE-2024-32458

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.

9.8CRITICAL

CVE-2024-32041

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.

9.8CRITICAL

CVE-2024-32040

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.

8.1HIGH

CVE-2024-32039

all versions

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 o

9.8CRITICAL

CVE-2023-51798

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating poi

7.8HIGH

CVE-2023-51797

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

6.7MEDIUM

CVE-2023-51796

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

3.6LOW

CVE-2023-51795

all versions

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilte

8.0HIGH

CVE-2023-51791

all versions

Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec

7.8HIGH

CVE-2023-50010

all versions

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_en

7.8HIGH

CVE-2023-50009

all versions

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c

8.0HIGH

CVE-2023-50008

all versions

FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/m

7.8HIGH

CVE-2023-50007

all versions

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence functi

4.0MEDIUM

CVE-2023-49502

all versions

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_fi

8.8HIGH

CVE-2023-49501

all versions

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_o

8.0HIGH

CVE-2024-22640

all versions

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a craft

7.5HIGH

CVE-2023-3758

all versions

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to

7.1HIGH

CVE-2024-32462

all versions

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.

8.4HIGH

CVE-2024-27306

all versions

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for stat

6.1MEDIUM

CVE-2023-4235

all versions

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report()

8.1HIGH

CVE-2023-4234

all versions

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report()

8.1HIGH

CVE-2023-4233

all versions

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_fiel

8.1HIGH

CVE-2023-4232

all versions

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report()

8.1HIGH

CVE-2024-31585

all versions

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vu

5.3MEDIUM

CVE-2024-31582

all versions

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfi

7.8HIGH

CVE-2024-31581

all versions

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_te

9.8CRITICAL

CVE-2024-31031

all versions

An issue in coap_pdu.c in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsig

7.5HIGH

CVE-2024-3914

all versions

Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via

6.5MEDIUM

CVE-2024-31578

all versions

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

7.5HIGH

CVE-2024-3847

all versions

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content secur

6.1MEDIUM

CVE-2024-3846

all versions

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to

4.3MEDIUM

CVE-2024-3845

all versions

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content

4.3MEDIUM

CVE-2024-3844

all versions

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofin

4.3MEDIUM

CVE-2024-3843

all versions

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing

4.3MEDIUM

CVE-2024-3841

all versions

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scrip

6.1MEDIUM

CVE-2024-3840

all versions

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navi

7.5HIGH

CVE-2024-3833

all versions

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object c

8.8HIGH

CVE-2024-3832

all versions

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption

8.8HIGH

CVE-2024-21096

all versions

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected ar

4.9MEDIUM

CVE-2022-24810

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write

6.5MEDIUM

CVE-2022-24809

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only

6.5MEDIUM

CVE-2022-24808

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write

6.5MEDIUM

CVE-2022-24807

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a S

6.5MEDIUM

CVE-2022-24806

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write

6.5MEDIUM

CVE-2022-24805

all versions

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in t

6.5MEDIUM

CVE-2024-31497

all versions

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key

5.9MEDIUM

CVE-2024-3772

all versions

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafte

5.9MEDIUM

CVE-2023-49528

all versions

Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a

8.0HIGH

CVE-2023-29483

all versions

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickl

7.0HIGH

CVE-2024-3516

all versions

Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corru

6.5MEDIUM

CVE-2024-3515

all versions

Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption v

6.5MEDIUM

CVE-2024-3157

all versions

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised

9.6CRITICAL

CVE-2024-31309

all versions

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 thro

7.5HIGH

CVE-2023-2794

all versions

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() functi

8.1HIGH

CVE-2024-24576

all versions

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2

10.0CRITICAL

CVE-2024-26256

all versions

Libarchive Remote Code Execution Vulnerability

7.8HIGH

CVE-2024-27316

all versions

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 respo

7.5HIGH

CVE-2024-24795

all versions

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers in

6.3MEDIUM

CVE-2023-38709

all versions

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

7.3HIGH

CVE-2024-30260

all versions

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `

3.9LOW

CVE-2024-3116

all versions

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerabilit

7.4HIGH

CVE-2024-30261

all versions

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(),

2.6LOW

CVE-2024-28182

all versions

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps

5.3MEDIUM

CVE-2024-3209

all versions

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file

5.5MEDIUM

CVE-2024-28960

all versions

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API

8.2HIGH

CVE-2024-2398

all versions

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses

8.6HIGH

CVE-2024-2004

all versions

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remai

3.5LOW

CVE-2024-2887

all versions

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a cr

7.7HIGH

CVE-2024-2886

all versions

Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via

7.5HIGH

CVE-2024-2885

all versions

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption vi

8.8HIGH

CVE-2024-2883

all versions

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2024-2955

all versions

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capt

7.8HIGH

CVE-2024-29133

all versions

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before

5.4MEDIUM

CVE-2024-29131

all versions

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before

7.3HIGH

CVE-2024-2631

all versions

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a

4.3MEDIUM

CVE-2024-2630

all versions

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data vi

6.5MEDIUM

CVE-2024-2629

all versions

Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafte

4.3MEDIUM

CVE-2024-2628

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing

4.3MEDIUM

CVE-2024-2627

all versions

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-2626

all versions

Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memor

6.5MEDIUM

CVE-2024-2625

all versions

Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corru

8.8HIGH

CVE-2023-50967

all versions

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count)

7.5HIGH

CVE-2023-46841

all versions

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET

6.5MEDIUM

CVE-2023-46840

all versions

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for

4.1MEDIUM

CVE-2023-46839

all versions

PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests usi

5.3MEDIUM

CVE-2024-2002

all versions

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allo

7.5HIGH

CVE-2024-24549

all versions

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 r

7.5HIGH

CVE-2024-23672

all versions

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket c

6.3MEDIUM

CVE-2024-2400

all versions

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit he

8.8HIGH

CVE-2023-43279

all versions

Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafte

6.5MEDIUM

CVE-2024-28757

all versions

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_Exter

7.5HIGH

CVE-2024-28184

all versions

WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching conten

7.4HIGH

CVE-2024-28180

>= 38 and <= 40

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could

4.3MEDIUM

CVE-2024-28176

>= 38 and <= 40

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature

4.9MEDIUM

CVE-2024-23284

all versions

A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS

6.5MEDIUM

CVE-2024-23280

all versions

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Son

6.5MEDIUM

CVE-2024-23263

all versions

A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 a

6.5MEDIUM

CVE-2024-23254

all versions

The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4

6.5MEDIUM

CVE-2024-2044

all versions

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. I

9.9CRITICAL

CVE-2024-1931

all versions

NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a

7.5HIGH

CVE-2024-2176

all versions

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-2174

all versions

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap

8.8HIGH

CVE-2024-2173

all versions

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memo

8.8HIGH

CVE-2024-25111

all versions

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service at

8.6HIGH

CVE-2024-28084

all versions

p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have

7.5HIGH

CVE-2024-24246

all versions

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function

5.5MEDIUM

CVE-2024-22871

all versions

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$part

7.5HIGH

CVE-2024-25713

all versions

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop

8.6HIGH

CVE-2024-1939

all versions

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via

8.8HIGH

CVE-2024-1938

all versions

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption vi

8.8HIGH

CVE-2024-27285

all versions

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Sit

5.4MEDIUM

CVE-2024-27507

all versions

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.

7.5HIGH

CVE-2024-25711

all versions

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_

7.5HIGH

CVE-2024-25082

all versions

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

6.5MEDIUM

CVE-2024-25081

all versions

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

4.2MEDIUM

CVE-2024-24568

all versions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.

5.3MEDIUM

CVE-2024-23839

all versions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.

7.1HIGH

CVE-2024-23837

all versions

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, lead

7.5HIGH

CVE-2024-23836

all versions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ver

7.5HIGH

CVE-2024-23835

all versions

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to ve

7.5HIGH

CVE-2024-1622

all versions

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly aft

7.5HIGH

CVE-2024-21501

all versions

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the s

5.3MEDIUM

CVE-2024-27319

all versions

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM

4.4MEDIUM

CVE-2024-27318

all versions

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the t

7.5HIGH

CVE-2024-25629

all versions

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as `/etc/

4.4MEDIUM

CVE-2023-52160

all versions

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant mu

6.5MEDIUM

CVE-2023-3966

all versions

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of

7.5HIGH

CVE-2024-24479

all versions

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and for

7.5HIGH

CVE-2024-24476

all versions

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and w

7.5HIGH

CVE-2023-42843

all versions

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16

4.3MEDIUM

CVE-2024-1676

all versions

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI

5.4MEDIUM

CVE-2024-1675

all versions

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem

8.8HIGH

CVE-2024-1674

all versions

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation

8.8HIGH

CVE-2024-1673

all versions

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer

8.8HIGH

CVE-2024-1672

all versions

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypas

5.4MEDIUM

CVE-2024-1670

all versions

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption vi

8.8HIGH

CVE-2024-1669

all versions

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds me

8.8HIGH

CVE-2024-23809

all versions

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and

9.8CRITICAL

CVE-2024-23606

all versions

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master

9.8CRITICAL

CVE-2024-23313

all versions

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master B

9.8CRITICAL

CVE-2024-23310

all versions

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branc

9.8CRITICAL

CVE-2024-23305

all versions

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 a

9.8CRITICAL

CVE-2024-22097

all versions

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (

9.8CRITICAL

CVE-2024-21812

all versions

An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Br

9.8CRITICAL

CVE-2024-21795

all versions

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Mast

9.8CRITICAL

CVE-2024-26134

all versions

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting

7.5HIGH

CVE-2024-25983

all versions

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it wa

3.5LOW

CVE-2024-25982

all versions

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

4.3MEDIUM

CVE-2024-25981

all versions

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. B

4.3MEDIUM

CVE-2024-25980

all versions

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By def

4.3MEDIUM

CVE-2024-25979

all versions

The URL parameters accepted by forum search were not limited to the allowed parameters.

5.3MEDIUM

CVE-2024-25978

all versions

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.

7.5HIGH

CVE-2024-1597

all versions

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. I

10.0CRITICAL

CVE-2024-1580

all versions

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corrup

5.9MEDIUM

CVE-2023-50868

all versions

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to c

7.5HIGH

CVE-2023-50387

all versions

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a den

7.5HIGH

CVE-2024-24814

all versions

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements

7.5HIGH

CVE-2023-5679

all versions

A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution,

7.5HIGH

CVE-2023-5517

all versions

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - `nxdomain-redirect <domai

7.5HIGH

CVE-2023-4408

all versions

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause proble

7.5HIGH

CVE-2024-1454

all versions

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process usin

3.4LOW

CVE-2023-6681

all versions

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible passwor

5.3MEDIUM

CVE-2024-1062

all versions

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars

5.5MEDIUM

CVE-2023-52429

all versions

dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than IN

5.5MEDIUM

CVE-2024-1151

all versions

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of

5.5MEDIUM

CVE-2024-0229

all versions

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab

7.8HIGH

CVE-2024-1312

all versions

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with

5.1MEDIUM

CVE-2024-20290

all versions

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of serv

7.5HIGH

CVE-2024-1284

all versions

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption v

9.8CRITICAL

CVE-2024-1283

all versions

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corrup

9.8CRITICAL

CVE-2024-1048

all versions

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a tem

3.3LOW

CVE-2024-0690

all versions

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scen

5.0MEDIUM

CVE-2024-22667

all versions

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer

7.8HIGH

CVE-2024-21626

all versions

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, du

8.6HIGH

CVE-2023-6780

all versions

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and v

5.3MEDIUM

CVE-2023-6779

all versions

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is calle

8.2HIGH

CVE-2023-6246

all versions

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the sys

8.4HIGH

CVE-2024-1086

all versions

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege es

7.8HIGH

CVE-2024-1077

all versions

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruptio

8.8HIGH

CVE-2024-1060

all versions

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-1059

all versions

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack

8.8HIGH

CVE-2024-23829

all versions

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser

6.5MEDIUM

CVE-2024-23334

all versions

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring

5.9MEDIUM

CVE-2023-40551

all versions

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sens

5.1MEDIUM

CVE-2023-40550

all versions

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data

5.5MEDIUM

CVE-2023-40549

all versions

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This

6.2MEDIUM

CVE-2023-40546

all versions

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tr

6.2MEDIUM

CVE-2023-40548

all versions

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-contr

7.4HIGH

CVE-2023-46838

all versions

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initia

7.5HIGH

CVE-2024-0814

all versions

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security

6.5MEDIUM

CVE-2024-0813

all versions

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malic

8.8HIGH

CVE-2024-0812

all versions

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exp

8.8HIGH

CVE-2024-0811

all versions

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to

4.3MEDIUM

CVE-2024-0809

all versions

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill rest

4.3MEDIUM

CVE-2024-0808

all versions

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruptio

9.8CRITICAL

CVE-2024-0807

all versions

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2024-0806

all versions

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2024-0805

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoo

4.3MEDIUM

CVE-2024-0804

all versions

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross

7.5HIGH

CVE-2023-39197

all versions

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a

4.0MEDIUM

CVE-2024-22421

all versions

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture

7.6HIGH

CVE-2024-22420

all versions

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture

6.5MEDIUM

CVE-2024-0607

all versions

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code

6.6MEDIUM

CVE-2024-0409

all versions

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It u

7.8HIGH

CVE-2024-0408

all versions

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabe

5.5MEDIUM

CVE-2023-6816

all versions

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button current

9.8CRITICAL

CVE-2024-0519

all versions

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap c

8.8HIGH

CVE-2024-0518

all versions

Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via

8.8HIGH

CVE-2024-0517

all versions

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruptio

8.8HIGH

CVE-2023-6395

all versions

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execut

6.7MEDIUM

CVE-2024-0567

all versions

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This

7.5HIGH

CVE-2024-0232

all versions

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a

4.7MEDIUM

CVE-2024-0553

all versions

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the resp

7.5HIGH

CVE-2023-4001

all versions

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration

6.8MEDIUM

CVE-2024-23301

all versions

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to

5.5MEDIUM

CVE-2024-0443

all versions

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage

5.5MEDIUM

CVE-2024-0333

all versions

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network po

5.3MEDIUM

CVE-2023-41056

all versions

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in int

8.1HIGH

CVE-2023-5455

all versions

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows

6.5MEDIUM

CVE-2021-3600

all versions

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers

7.8HIGH

CVE-2024-22049

all versions

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker ca

5.3MEDIUM

CVE-2023-6270

all versions

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the

7.0HIGH

CVE-2024-0225

all versions

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2024-0224

all versions

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2024-0223

all versions

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corru

8.8HIGH

CVE-2024-0222

all versions

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer proces

8.8HIGH

CVE-2024-0217

all versions

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impa

3.3LOW

CVE-2023-6004

all versions

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the

4.8MEDIUM

CVE-2023-6693

all versions

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flu

4.9MEDIUM

CVE-2023-7104

all versions

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRe

5.5MEDIUM

CVE-2023-6879

all versions

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_res

9.0CRITICAL

CVE-2023-7101

all versions

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an ar

7.8HIGH

CVE-2023-51767

all versions

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the i

7.0HIGH

CVE-2023-51766

all versions

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published explo

5.3MEDIUM

CVE-2023-51764

all versions

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_disc

5.3MEDIUM

CVE-2023-7024

all versions

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corr

8.8HIGH

CVE-2023-6546

all versions

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSM

7.0HIGH

CVE-2023-4256

all versions

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugin

5.5MEDIUM

CVE-2023-4255

all versions

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M app

5.5MEDIUM

CVE-2023-6918

all versions

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported cry

3.7LOW

CVE-2023-48795

all versions

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker

5.9MEDIUM

CVE-2023-47038

all versions

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl,

7.0HIGH

CVE-2023-6702

all versions

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via

8.8HIGH

CVE-2023-5764

all versions

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe desi

7.1HIGH

CVE-2023-46219

all versions

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using

5.3MEDIUM

CVE-2023-6679

all versions

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phas

5.5MEDIUM

CVE-2023-6186

all versions

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros with

8.3HIGH

CVE-2023-6185

all versions

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to exec

8.3HIGH

CVE-2023-6622

all versions

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux ke

5.5MEDIUM

CVE-2023-45866

all versions

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted conne

6.3MEDIUM

CVE-2023-46218

all versions

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is oth

6.5MEDIUM

CVE-2023-6512

all versions

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially sp

6.5MEDIUM

CVE-2023-6511

all versions

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill rest

4.3MEDIUM

CVE-2023-6510

all versions

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage i

8.8HIGH

CVE-2023-6509

all versions

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to enga

8.8HIGH

CVE-2023-6508

all versions

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corru

8.8HIGH

CVE-2023-42917

all versions

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS

8.8HIGH

CVE-2023-42916

all versions

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Son

6.5MEDIUM

CVE-2023-6351

all versions

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruptio

8.8HIGH

CVE-2023-6350

all versions

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruptio

8.8HIGH

CVE-2023-6348

all versions

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer p

8.8HIGH

CVE-2023-6347

all versions

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption v

8.8HIGH

CVE-2023-6346

all versions

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2023-6345

all versions

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer proce

9.6CRITICAL

CVE-2023-5981

all versions

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times

5.9MEDIUM

CVE-2023-6277

all versions

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a d

6.5MEDIUM

CVE-2023-5972

all versions

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allo

7.0HIGH

CVE-2023-6238

all versions

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify

6.7MEDIUM

CVE-2023-5341

all versions

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

6.2MEDIUM

CVE-2023-48237

all versions

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very

2.8LOW

CVE-2023-48236

all versions

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than

2.8LOW

CVE-2023-48235

all versions

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Iron

2.8LOW

CVE-2023-48234

all versions

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large coun

2.8LOW

CVE-2023-48233

all versions

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long va

2.8LOW

CVE-2023-48232

all versions

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong

3.9LOW

CVE-2023-48231

all versions

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Explo

3.9LOW

CVE-2023-6112

all versions

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corrup

8.8HIGH

CVE-2023-5997

all versions

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit hea

8.8HIGH

CVE-2023-5528

all versions

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be abl

7.2HIGH

CVE-2023-46850

all versions

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when s

9.8CRITICAL

CVE-2023-46849

all versions

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide

7.5HIGH

CVE-2023-5543

all versions

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activ

3.3LOW

CVE-2023-5551

all versions

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

3.3LOW

CVE-2023-5550

all versions

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has di

6.5MEDIUM

CVE-2023-5549

all versions

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent catego

3.3LOW

CVE-2023-5548

all versions

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

3.3LOW

CVE-2023-5547

all versions

The course upload preview contained an XSS risk for users uploading unsafe data.

3.3LOW

CVE-2023-5546

all versions

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

4.3MEDIUM

CVE-2023-5545

all versions

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

3.3LOW

CVE-2023-5544

all versions

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

6.5MEDIUM

CVE-2023-5542

all versions

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

3.3LOW

CVE-2023-5540

all versions

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

4.7MEDIUM

CVE-2023-5539

all versions

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

4.7MEDIUM

CVE-2023-39198

all versions

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj return

7.5HIGH

CVE-2023-5996

all versions

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2023-4535

all versions

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. E

4.5MEDIUM

CVE-2023-47272

all versions

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachme

6.1MEDIUM

CVE-2023-3961

all versions

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within

9.1CRITICAL

CVE-2023-4091

all versions

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when

6.5MEDIUM

CVE-2023-42670

all versions

A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causin

6.5MEDIUM

CVE-2023-1194

all versions

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server a

7.1HIGH

CVE-2023-44271

all versions

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given

7.5HIGH

CVE-2023-43665

all versions

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods

7.5HIGH

CVE-2023-41914

all versions

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file

7.0HIGH

CVE-2023-41164

all versions

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential

7.5HIGH

CVE-2023-5859

all versions

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain s

4.3MEDIUM

CVE-2023-5858

all versions

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate se

4.3MEDIUM

CVE-2023-5857

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execut

8.8HIGH

CVE-2023-5856

all versions

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in

8.8HIGH

CVE-2023-5855

all versions

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage i

8.8HIGH

CVE-2023-5854

all versions

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in sp

8.8HIGH

CVE-2023-5853

all versions

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via

4.3MEDIUM

CVE-2023-5852

all versions

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in sp

8.8HIGH

CVE-2023-5851

all versions

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security

4.3MEDIUM

CVE-2023-5850

all versions

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing v

4.3MEDIUM

CVE-2023-5849

all versions

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption

8.8HIGH

CVE-2023-5482

all versions

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds me

8.8HIGH

CVE-2023-5480

all versions

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventi

6.1MEDIUM

CVE-2023-43796

all versions

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can

5.3MEDIUM

CVE-2023-5349

all versions

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service

5.3MEDIUM

CVE-2023-34058

all versions

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privi

7.1HIGH

CVE-2023-5380

all versions

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a

4.7MEDIUM

CVE-2023-5367

all versions

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset

7.8HIGH

CVE-2023-42852

all versions

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iP

8.8HIGH

CVE-2023-41983

all versions

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadO

6.5MEDIUM

CVE-2023-5472

all versions

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corrupti

8.8HIGH

CVE-2023-45802

all versions

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not recla

5.9MEDIUM

CVE-2023-31122

all versions

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

7.5HIGH

CVE-2023-5686

all versions

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

8.8HIGH

CVE-2023-45145

all versions

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its per

3.6LOW

CVE-2023-5631

all versions

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SV

6.1MEDIUM

CVE-2023-39332

all versions

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the `Buffer

9.8CRITICAL

CVE-2023-38552

all versions

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the o

7.5HIGH

CVE-2023-38545

all versions

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name t

9.8CRITICAL

CVE-2023-22084

all versions

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 an

4.9MEDIUM

CVE-2023-45803

all versions

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP r

4.2MEDIUM

CVE-2023-41752

all versions

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffi

7.5HIGH

CVE-2023-39456

all versions

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Se

7.5HIGH

CVE-2023-39999

all versions

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1

4.3MEDIUM

CVE-2023-45143

all versions

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization heade

3.9LOW

CVE-2023-43789

all versions

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-b

5.5MEDIUM

CVE-2023-5487

all versions

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to ins

6.5MEDIUM

CVE-2023-5484

all versions

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI

6.5MEDIUM

CVE-2023-5475

all versions

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to insta

6.5MEDIUM

CVE-2023-5218

all versions

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap cor

8.8HIGH

CVE-2023-39325

all versions

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumpti

7.5HIGH

CVE-2023-5535

all versions

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

7.8HIGH

CVE-2023-37536

all versions

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

8.2HIGH

CVE-2023-45129

all versions

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malici

4.9MEDIUM

CVE-2023-44487

all versions

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

7.5HIGH

CVE-2023-43788

all versions

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allow

5.5MEDIUM

CVE-2023-43787

all versions

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user t

7.8HIGH

CVE-2023-43786

all versions

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to co

5.5MEDIUM

CVE-2023-43785

all versions

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local us

6.5MEDIUM

CVE-2023-43641

all versions

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds a

8.8HIGH

CVE-2023-39194

all versions

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which

3.2LOW

CVE-2023-39193

all versions

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This fla

6.1MEDIUM

CVE-2023-39192

all versions

A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 struc

6.7MEDIUM

CVE-2023-39189

all versions

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode

5.1MEDIUM

CVE-2023-43615

all versions

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

7.5HIGH

CVE-2023-45239

all versions

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an

9.8CRITICAL

CVE-2023-39928

all versions

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse

8.8HIGH

CVE-2023-5441

all versions

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

5.5MEDIUM

CVE-2023-39323

all versions

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler

8.1HIGH

CVE-2023-42754

all versions

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated wit

5.5MEDIUM

CVE-2023-41175

all versions

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers

6.5MEDIUM

CVE-2023-40745

all versions

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) o

6.5MEDIUM

fedoraproject fedora