CVE-2023-4911

Known exploited
Public exploit
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Max CVSS
7.8
EPSS Score
1.88%
Published
2023-10-03
Updated
2024-02-22
CISA KEV Added
2023-11-21

CVE-2022-0847

Known exploited
Public exploit
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Max CVSS
7.8
EPSS Score
7.58%
Published
2022-03-10
Updated
2024-01-12
CISA KEV Added
2022-04-25

CVE-2022-0492

Public exploit
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Max CVSS
7.8
EPSS Score
9.52%
Published
2022-03-03
Updated
2023-12-07

CVE-2021-4034

Known exploited
Public exploit
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-01-28
Updated
2023-10-18
CISA KEV Added
2022-06-27

CVE-2018-1000001

Public exploit
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Max CVSS
7.8
EPSS Score
0.53%
Published
2018-01-31
Updated
2019-10-03

CVE-2018-17456

Public exploit
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Max CVSS
9.8
EPSS Score
16.06%
Published
2018-10-06
Updated
2020-08-24

CVE-2018-14665

Public exploit
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Max CVSS
7.2
EPSS Score
3.21%
Published
2018-10-25
Updated
2019-10-22

CVE-2018-7750

Public exploit
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
Max CVSS
9.8
EPSS Score
6.63%
Published
2018-03-13
Updated
2022-04-18

CVE-2017-1000083

Public exploit
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Max CVSS
7.8
EPSS Score
12.06%
Published
2017-09-05
Updated
2019-10-03

CVE-2017-9462

Public exploit
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
Max CVSS
9.0
EPSS Score
3.00%
Published
2017-06-06
Updated
2020-02-05

CVE-2016-9079

Known exploited
Public exploit
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Max CVSS
7.5
EPSS Score
95.25%
Published
2018-06-11
Updated
2018-08-09
CISA KEV Added
2023-06-22

CVE-2014-3153

Known exploited
Public exploit
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
Max CVSS
7.2
EPSS Score
0.13%
Published
2014-06-07
Updated
2023-10-03
CISA KEV Added
2022-05-25

CVE-2014-1511

Public exploit
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
Max CVSS
9.8
EPSS Score
95.38%
Published
2014-03-19
Updated
2020-08-05

CVE-2014-1510

Public exploit
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
Max CVSS
9.8
EPSS Score
95.62%
Published
2014-03-19
Updated
2020-08-03

CVE-2014-0160

Known exploited
Public exploit
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Max CVSS
7.5
EPSS Score
97.51%
Published
2014-04-07
Updated
2023-02-10
CISA KEV Added
2022-05-04

CVE-2013-0758

Public exploit
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
Max CVSS
9.3
EPSS Score
21.08%
Published
2013-01-13
Updated
2020-08-04

CVE-2013-0753

Public exploit
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
Max CVSS
9.3
EPSS Score
97.12%
Published
2013-01-13
Updated
2020-08-04

CVE-2011-3389

Public exploit
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Max CVSS
4.3
EPSS Score
0.85%
Published
2011-09-06
Updated
2022-11-29

CVE-2009-2692

Public exploit
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Max CVSS
7.8
EPSS Score
0.05%
Published
2009-08-14
Updated
2024-02-08
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Max CVSS
8.6
EPSS Score
1.36%
Published
2023-11-03
Updated
2023-12-14
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Max CVSS
8.6
EPSS Score
3.03%
Published
2023-11-03
Updated
2024-02-16
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Max CVSS
9.3
EPSS Score
0.32%
Published
2023-11-03
Updated
2024-01-22
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-08-25
Updated
2024-01-12
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.
Max CVSS
7.5
EPSS Score
0.14%
Published
2023-07-24
Updated
2023-12-28
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Max CVSS
7.5
EPSS Score
0.15%
Published
2024-02-07
Updated
2024-03-12
1008 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!