Serenity
Products
2- 8 CVEs
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33186 | Hig | 0.49 | 7.5 | 0.01 | Jun 18, 2021 | SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. | ||
| CVE-2021-33185 | Hig | 0.49 | 7.5 | 0.01 | Jun 18, 2021 | SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. | ||
| CVE-2009-4097 | 0.03 | — | 0.06 | Nov 29, 2009 | Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information. | |||
| CVE-2021-4327 | Med | 0.00 | 5.5 | 0.01 | Mar 1, 2023 | A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has… | ||
| CVE-2021-31272 | Cri | 0.00 | 9.8 | 0.03 | Jun 18, 2021 | SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. | ||
| CVE-2021-30045 | Cri | 0.00 | 9.1 | 0.02 | Apr 6, 2021 | SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. | ||
| CVE-2021-28874 | Hig | 0.00 | 7.8 | 0.01 | Apr 6, 2021 | SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. | ||
| CVE-2021-27343 | Hig | 0.00 | 7.5 | 0.02 | Apr 6, 2021 | SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. | ||
| CVE-2019-20172 | Hig | 0.00 | 7.8 | 0.00 | Dec 31, 2019 | Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. |
- risk 0.49cvss 7.5epss 0.01
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
- CVE-2009-4097Nov 29, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information.
- risk 0.00cvss 5.5epss 0.01
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has…
- risk 0.00cvss 9.8epss 0.03
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
- risk 0.00cvss 9.1epss 0.02
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.
- risk 0.00cvss 7.8epss 0.01
SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.
- risk 0.00cvss 7.5epss 0.02
SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1.
- risk 0.00cvss 7.8epss 0.00
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.