Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32004

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 May, 2024 | 18:46
Updated At-04 Nov, 2025 | 16:12
Rejected At-
Credits

Git vulnerable to Remote Code Execution while cloning special-crafted local repositories

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 May, 2024 | 18:46
Updated At:04 Nov, 2025 | 16:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
Git vulnerable to Remote Code Execution while cloning special-crafted local repositories

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

Affected Products
Vendor
git
Product
git
Versions
Affected
  • = 2.45.0
  • = 2.44.0
  • >= 2.43.0, < 2.43.4
  • >= 2.42.0, < 2.42.2
  • = 2.41.0
  • >= 2.40.0, < 2.40.2
  • < 2.39.4
Problem Types
TypeCWE IDDescription
CWECWE-114CWE-114: Process Control
Type: CWE
CWE ID: CWE-114
Description: CWE-114: Process Control
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
x_refsource_CONFIRM
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
x_refsource_MISC
https://git-scm.com/docs/git-clone
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
N/A
http://www.openwall.com/lists/oss-security/2024/05/14/2
N/A
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
N/A
Hyperlink: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
Resource:
x_refsource_MISC
Hyperlink: https://git-scm.com/docs/git-clone
Resource:
x_refsource_MISC
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/05/14/2
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
x_refsource_CONFIRM
x_transferred
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
x_refsource_MISC
x_transferred
https://git-scm.com/docs/git-clone
x_refsource_MISC
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
x_transferred
http://www.openwall.com/lists/oss-security/2024/05/14/2
x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
x_transferred
https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html
N/A
Hyperlink: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://git-scm.com/docs/git-clone
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2024/05/14/2
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.45.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.45.0
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.44.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.44.0
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.43.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2.43.0 before 2.43.4 (custom)
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.42.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2.42.0 before 2.42.2 (custom)
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.41.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.41.0
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:2.40.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2.40.0 before 2.40.2 (custom)
Vendor
git
Product
git
CPEs
  • cpe:2.3:a:git:git:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.39.4 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 May, 2024 | 19:15
Updated At:06 Jan, 2026 | 17:09

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

git-scm
git-scm
>>git>>Versions before 2.39.4(exclusive)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>Versions from 2.40.0(inclusive) to 2.40.2(exclusive)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>Versions from 2.42.0(inclusive) to 2.42.2(exclusive)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>Versions from 2.43.0(inclusive) to 2.43.4(exclusive)
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>2.41.0
cpe:2.3:a:git-scm:git:2.41.0:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>2.44.0
cpe:2.3:a:git-scm:git:2.44.0:*:*:*:*:*:*:*
git-scm
git-scm
>>git>>2.45.0
cpe:2.3:a:git-scm:git:2.45.0:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>40
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-114Secondarysecurity-advisories@github.com
CWE ID: CWE-114
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2024/05/14/2security-advisories@github.com
Mailing List
Third Party Advisory
https://git-scm.com/docs/git-clonesecurity-advisories@github.com
Technical Description
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8security-advisories@github.com
Patch
https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389security-advisories@github.com
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.htmlsecurity-advisories@github.com
Mailing List
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/security-advisories@github.com
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/05/14/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://git-scm.com/docs/git-cloneaf854a3a-2127-422b-91ae-364da2661108
Technical Description
https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/af854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/05/14/2
Source: security-advisories@github.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://git-scm.com/docs/git-clone
Source: security-advisories@github.com
Resource:
Technical Description
Hyperlink: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
Source: security-advisories@github.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
Source: security-advisories@github.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/05/14/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://git-scm.com/docs/git-clone
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Technical Description
Hyperlink: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

390Records found

CVE-2022-1441
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.94% / 56.44%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGPAC
Product-gpacdebian_linuxgpac
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4733
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.54% / 41.30%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 13:47
Updated-23 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-macosvimfedoravim/vim
CWE ID-CWE-416
Use After Free
CVE-2022-0408
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.50% / 71.26%
||
7 Day CHG~0.00%
Published-30 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0676
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-1.16% / 63.27%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 00:05
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in radareorg/radare2

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36664
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.24% / 86.76%
||
7 Day CHG~0.00%
Published-25 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArtifex Software Inc.
Product-debian_linuxfedoraghostscriptn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-37208
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.01%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 08:54
Updated-20 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-34153
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-3.16% / 86.42%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-27 Feb, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Action-Not Available
Vendor-n/aImageMagick Studio LLCRed Hat, Inc.Fedora Project
Product-fedoraextra_packages_for_enterprise_linuximagemagickenterprise_linuxImageMagick
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-20196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.28% / 66.52%
||
7 Day CHG~0.00%
Published-18 Dec, 2018 | 01:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled.

Action-Not Available
Vendor-audiocodingn/aDebian GNU/Linux
Product-freeware_advanced_audio_decoder_2debian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1154
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-1.46% / 70.41%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use after free in utf_ptr2char in vim/vim

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectVimOracle Corporation
Product-vimdebian_linuxfedoracommunications_cloud_native_core_network_exposure_functionvim/vim
CWE ID-CWE-416
Use After Free
CVE-2023-33204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.64%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

Action-Not Available
Vendor-sysstat_projectn/aFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxsysstatn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-0368
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.5||MEDIUM
EPSS-1.52% / 71.52%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-debian_linuxmacosvimvim/vim
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0546
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-1.13% / 62.47%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:27
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectBlender Foundation
Product-extra_packages_for_enterprise_linuxblenderdebian_linuxfedoraBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-29403
Matching Score-8
Assigner-Go Project
ShareView Details
Matching Score-8
Assigner-Go Project
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.72%
||
7 Day CHG~0.00%
Published-08 Jun, 2023 | 20:19
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

Action-Not Available
Vendor-Go standard libraryFedora ProjectGo
Product-gofedoraruntime
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-29007
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-6.08% / 92.53%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 20:09
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary configuration injection via `git submodule deinit`

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.

Action-Not Available
Vendor-git-scmgitFedora Project
Product-fedoragitgit
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-0359
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-1.34% / 67.86%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1304
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.38% / 68.82%
||
7 Day CHG+0.05%
Published-14 Apr, 2022 | 20:05
Updated-23 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Action-Not Available
Vendor-e2fsprogs_projectn/aFedora ProjectRed Hat, Inc.
Product-e2fsprogsenterprise_linuxfedorae2fsprogs
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0361
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.57% / 72.30%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0417
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.54% / 71.88%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0443
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.40% / 69.09%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

Use After Free in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-416
Use After Free
CVE-2022-0545
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.8||HIGH
EPSS-1.12% / 62.21%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 18:27
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

Action-Not Available
Vendor-n/aDebian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-0572
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-26.58% / 97.77%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectApple Inc.VimDebian GNU/Linux
Product-fedoradebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0392
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-1.51% / 71.43%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-macosdebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0523
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-1.10% / 61.57%
||
7 Day CHG+0.02%
Published-08 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in radareorg/radare2

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

Action-Not Available
Vendor-Fedora ProjectRadare2 (r2)
Product-fedoraradare2radareorg/radare2
CWE ID-CWE-416
Use After Free
CVE-2022-0261
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-1.69% / 74.24%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-mac_os_xdebian_linuxvimmacosvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1160
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-1.27% / 66.20%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap buffer overflow in get_one_sourceline in vim/vim

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0629
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-1.81% / 75.92%
||
7 Day CHG-0.08%
Published-17 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in vim/vim

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-vimdebian_linuxmacosfedoravim/vim
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.10% / 61.70%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 12:42
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

Action-Not Available
Vendor-freecadwebn/aDebian GNU/Linux
Product-debian_linuxfreecadn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-45910
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.41%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:02
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45845
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.93% / 77.47%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 12:55
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

Action-Not Available
Vendor-freecadwebn/aDebian GNU/Linux
Product-debian_linuxfreecadn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-45909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.29%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:02
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45911
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.29%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 00:01
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

Action-Not Available
Vendor-gif2apng_projectn/aDebian GNU/Linux
Product-gif2apngdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.75% / 50.37%
||
7 Day CHG+0.02%
Published-24 Jul, 2022 | 18:47
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/LinuxFedora Project
Product-debian_linuxgdk-pixbuffedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-45463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.44% / 69.95%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 06:00
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Action-Not Available
Vendor-gegln/aFedora ProjectRed Hat, Inc.GIMP
Product-fedorageglenterprise_linuxgimpn/a
CVE-2021-44537
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.75% / 84.40%
||
7 Day CHG~0.00%
Published-15 Jan, 2022 | 20:51
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

Action-Not Available
Vendor-n/aFedora ProjectownCloud GmbH
Product-owncloud_desktop_clientfedoran/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-45078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.31% / 67.19%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 19:37
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Action-Not Available
Vendor-n/aRed Hat, Inc.GNUNetApp, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxontap_select_deploy_administration_utilityfedoraenterprise_linuxbinutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.98% / 78.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2022 | 05:32
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Action-Not Available
Vendor-zshn/aDebian GNU/LinuxFedora ProjectApple Inc.
Product-debian_linuxfedoramac_os_xmacoszshn/a
CVE-2021-45342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.93% / 77.59%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

Action-Not Available
Vendor-librecadn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibrecadn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-43579
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-7.35% / 93.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 17:49
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

Action-Not Available
Vendor-htmldoc_projectn/aDebian GNU/Linux
Product-htmldocdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.35% / 87.19%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 00:00
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

Action-Not Available
Vendor-async_projectn/aFedora Project
Product-fedoraasyncn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-4173
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-1.62% / 73.16%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 12:25
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

vim is vulnerable to Use After Free

Action-Not Available
Vendor-VimFedora ProjectApple Inc.
Product-fedoravimmac_os_xmacosvim/vim
CWE ID-CWE-416
Use After Free
CVE-2021-4136
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-1.83% / 76.27%
||
7 Day CHG~0.00%
Published-19 Dec, 2021 | 17:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-vimfedoramacosmac_os_xvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42613
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 52.94%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 18:16
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

Action-Not Available
Vendor-halibut_projectn/aFedora Project
Product-halibutfedoran/a
CWE ID-CWE-415
Double Free
CVE-2021-4187
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-1.63% / 73.29%
||
7 Day CHG~0.00%
Published-29 Dec, 2021 | 17:10
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

vim is vulnerable to Use After Free

Action-Not Available
Vendor-VimFedora ProjectApple Inc.
Product-fedoravimmac_os_xmacosvim/vim
CWE ID-CWE-416
Use After Free
CVE-2021-42531
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42530
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42612
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 52.94%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 18:02
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

Action-Not Available
Vendor-halibut_projectn/aFedora Project
Product-halibutfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2021-42614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 52.94%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 18:30
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

Action-Not Available
Vendor-halibut_projectn/aFedora Project
Product-halibutfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2021-42529
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4192
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.5||MEDIUM
EPSS-1.73% / 74.77%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

vim is vulnerable to Use After Free

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxvimfedoramac_os_xmacosvim/vim
CWE ID-CWE-416
Use After Free
CVE-2021-42532
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.60% / 88.06%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-debian_linuxxmp_toolkit_software_development_kitXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found