Latest CVE Feed
- 9.8 CRITICAL CVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
- EPSS Score: 0.48%
- Published: Mar. 06, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-34481
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker c...
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products
- EPSS Score: 30.38%
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-5459
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- EPSS Score: 6.62%
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-5483
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
- Affected Products: tcpdump
- EPSS Score: 0.93%
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2019-3681
An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSU...
- Affected Products: leap linux_enterprise_server linux_enterprise_software_development_kit osc factory
- EPSS Score: 1.62%
- Published: Jun. 29, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-18501
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run ar...
- EPSS Score: 2.59%
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-38187
An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.
- Affected Products: anymap
- EPSS Score: 0.36%
- Published: Aug. 08, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LO...
- EPSS Score: 0.57%
- Published: Jun. 12, 2019
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-7938
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
- Affected Products: tcpdump
- EPSS Score: 0.72%
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
- EPSS Score: 12.70%
- Published: Dec. 07, 2018
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-31686
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...
- Affected Products: workspace_one_assist
- EPSS Score: 0.54%
- Published: Nov. 09, 2022
- Modified: May. 01, 2025
- 9.8 CRITICAL CVE-2021-2029
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network ac...
- EPSS Score: 1.90%
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-2047
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker...
- Affected Products: weblogic_server
- EPSS Score: 26.76%
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-6403
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
- EPSS Score: 2.46%
- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2022-42842
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.
- EPSS Score: 2.08%
- Published: Dec. 15, 2022
- Modified: Apr. 21, 2025
- 9.8 CRITICAL CVE-2020-25020
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
- EPSS Score: 2.20%
- Published: Aug. 29, 2020
- Modified: May. 05, 2025
- 9.8 CRITICAL CVE-2022-4337
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
- EPSS Score: 0.38%
- Published: Jan. 10, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated a...
- Actively Exploited
- EPSS Score: 94.31%
- Published: Jun. 02, 2023
- Modified: Dec. 20, 2024
- 9.8 CRITICAL CVE-2022-45138
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters tha...
- EPSS Score: 0.21%
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-20019
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result in remote code execution.
- EPSS Score: 17.31%
- Published: Dec. 19, 2018
- Modified: Nov. 21, 2024