Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-0492 KEV |
|
[KEV] Authentication Bypass in Linux c (CVE-2022-0492)
authentication bypass in Linux c (CVE-2022-0492). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-39399 |
|
Vulnerability in java (CVE-2022-39399)
vulnerability in java (CVE-2022-39399). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.17, 17.0.5, 19.0.1` or later.
|
| CVE-2022-21619 |
|
Vulnerability in java (CVE-2022-21619)
vulnerability in java (CVE-2022-21619). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.351, 11.0.17, 17.0.5, 19.0.1` or later.
|
| CVE-2022-21618 |
|
Authentication Bypass in java (CVE-2022-21618)
authentication bypass in java (CVE-2022-21618). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.0.5, 19.0.1` or later.
|
| CVE-2022-21549 |
|
Unsafe Deserialization in java (CVE-2022-21549)
vulnerability in java (CVE-2022-21549). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.0.4` or later.
|
| CVE-2022-21540 |
|
Use-After-Free in java (CVE-2022-21540)
vulnerability in java (CVE-2022-21540). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.351, 8.0.341, 11.0.16, 17.0.4, 18.0.2` or later.
|
| CVE-2022-21293 |
|
Vulnerability in java (CVE-2022-21293)
vulnerability in java (CVE-2022-21293). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
|
| CVE-2022-21291 |
|
Vulnerability in java (CVE-2022-21291)
vulnerability in java (CVE-2022-21291). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
|
| CVE-2022-21283 |
|
Vulnerability in java (CVE-2022-21283)
vulnerability in java (CVE-2022-21283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.14, 17.0.2` or later.
|
| CVE-2021-35556 |
|
Vulnerability in java (CVE-2021-35556)
vulnerability in java (CVE-2021-35556). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.321, 8.0.311, 11.0.13, 17.0.1` or later.
|
| CVE-2024-27004 |
|
Vulnerability in linux (CVE-2024-27004)
vulnerability in linux (CVE-2024-27004). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-27013 |
|
Vulnerability in linux (CVE-2024-27013)
vulnerability in linux (CVE-2024-27013). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-26988 |
|
Out-of-Bounds Write in c (CVE-2024-26988)
out-of-bounds write in c (CVE-2024-26988). Successful exploitation can lead to full system takeover.
|
| CVE-2024-27012 |
|
Vulnerability in linux (CVE-2024-27012)
vulnerability in linux (CVE-2024-27012). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-28960 |
|
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
|
| CVE-2023-6246 |
|
Vulnerability in privilege-escalation (CVE-2023-6246)
vulnerability in privilege-escalation (CVE-2023-6246). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6779 |
|
Vulnerability in gnu (CVE-2023-6779)
vulnerability in gnu (CVE-2023-6779). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-6780 |
|
Vulnerability in gnu (CVE-2023-6780)
vulnerability in gnu (CVE-2023-6780). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-51767 |
|
Vulnerability in openbsd (CVE-2023-51767)
vulnerability in openbsd (CVE-2023-51767). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-4911 KEV |
|
[KEV] Vulnerability in Gnu c (CVE-2023-4911)
vulnerability in Gnu c (CVE-2023-4911). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38545 |
|
Out-of-Bounds Write in haxx (CVE-2023-38545)
out-of-bounds write in haxx (CVE-2023-38545). Successful exploitation can lead to full system takeover.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2023-43615 |
|
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
|
| CVE-2023-4806 |
|
Use-After-Free in gnu (CVE-2023-4806)
vulnerability in gnu (CVE-2023-4806). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4527 |
|
Vulnerability in gnu (CVE-2023-4527)
vulnerability in gnu (CVE-2023-4527). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4733 |
|
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
|
| CVE-2023-4750 |
|
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
|
| CVE-2023-38559 |
|
Out-of-Bounds Read in c (CVE-2023-38559)
vulnerability in c (CVE-2023-38559). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27405 |
|
Out-of-Bounds Read in platform/external/freetype (CVE-2022-27405)
vulnerability in platform/external/freetype (CVE-2022-27405). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `13:2023-07-01` or later.
|
| CVE-2023-25136 |
|
Vulnerability in openbsd (CVE-2023-25136)
vulnerability in openbsd (CVE-2023-25136). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-46392 |
|
Vulnerability in arm (CVE-2022-46392)
vulnerability in arm (CVE-2022-46392). Confidential information can be exposed externally.
|
| CVE-2022-46393 |
|
Out-of-Bounds Read in arm (CVE-2022-46393)
vulnerability in arm (CVE-2022-46393). Successful exploitation can lead to full system takeover.
|
| CVE-2022-2601 |
|
Vulnerability in gnu (CVE-2022-2601)
vulnerability in gnu (CVE-2022-2601). Successful exploitation can lead to full system takeover.
|
| CVE-2022-21624 |
|
Unsafe Deserialization in c (CVE-2022-21624)
vulnerability in c (CVE-2022-21624). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21626 |
|
Vulnerability in c (CVE-2022-21626)
vulnerability in c (CVE-2022-21626). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38013 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.9` or later.
|
| CVE-2022-2160 |
|
Vulnerability in google (CVE-2022-2160)
vulnerability in google (CVE-2022-2160). Confidential information can be exposed externally.
|
| CVE-2022-34169 |
|
Vulnerability in apache (CVE-2022-34169)
vulnerability in apache (CVE-2022-34169). Data can be tampered with by attackers.
|
| CVE-2020-28941 |
|
Vulnerability in c (CVE-2020-28941)
vulnerability in c (CVE-2020-28941). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29145 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145)
vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.5` or later.
|
| CVE-2022-29117 |
|
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
|
| CVE-2022-27406 |
|
Out-of-Bounds Read in freetype (CVE-2022-27406)
vulnerability in freetype (CVE-2022-27406). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-0778 |
|
Vulnerability in dos (CVE-2022-0778)
vulnerability in dos (CVE-2022-0778). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-24512 |
|
Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
code injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24464 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2021-44832 |
|
Vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832)
vulnerability in org.apache.logging.log4j:log4j-core (CVE-2021-44832). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.17.1` or later.
|
| CVE-2021-4104 |
|
Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
|
| CVE-2021-41617 |
|
Privilege Escalation in privilege-escalation (CVE-2021-41617)
vulnerability in privilege-escalation (CVE-2021-41617). Successful exploitation can lead to full system takeover.
|
| CVE-2020-1971 |
|
Vulnerability in dos (CVE-2020-1971)
vulnerability in dos (CVE-2020-1971). Risk of unauthorized operations or information disclosure.
|