Lucene search
K
OsvMost viewed

908464 matches found

OSV
OSV
•added 2018/06/17 12:0 a.m.•42 views

DSA-4231-1 libgcrypt20 - security update

Bulletin has no description...

4.7CVSS5.9AI score0.00887EPSS
Exploits1
OSV
OSV
•added 2018/03/08 12:0 a.m.•42 views

DLA-1303-1 python-django - security update

Bulletin has no description...

5.3CVSS5.5AI score0.04772EPSS
Exploits0
OSV
OSV
•added 2018/03/01 7:29 p.m.•42 views

CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

9.8CVSS7.4AI score
Exploits0References14
OSV
OSV
•added 2018/01/18 2:29 a.m.•42 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.1CVSS6.6AI score
Exploits0References14
OSV
OSV
•added 2018/01/04 1:29 p.m.•42 views

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...

5.6CVSS5.6AI score
Exploits0References69
OSV
OSV
•added 2017/11/30 6:29 p.m.•42 views

UBUNTU-CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

7.5CVSS7.3AI score0.02518EPSS
Exploits0References2
OSV
OSV
•added 2017/11/11 12:0 a.m.•42 views

DSA-4031-1 ruby2.3 - security update

Bulletin has no description...

9.8CVSS8.8AI score0.16412EPSS
Exploits2
OSV
OSV
•added 2017/10/26 3:29 a.m.•42 views

CVE-2017-15906

The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

5.3CVSS4.8AI score
Exploits0References9
OSV
OSV
•added 2017/10/24 6:33 p.m.•42 views

GHSA-9H36-4JF2-HX53 extlib does not properly restrict casts of string values

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS7.7AI score0.03415EPSS
Exploits1References7
OSV
OSV
•added 2017/10/24 6:33 p.m.•42 views

GHSA-GH2W-J7CX-2664 Active Record contains SQL Injection

SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...

7.5CVSS7.7AI score0.04458EPSS
Exploits2References10
OSV
OSV
•added 2017/10/24 6:33 p.m.•42 views

GHSA-H835-75HW-PJ89 activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote...

4.3CVSS5.1AI score0.02568EPSS
Exploits0References12
OSV
OSV
•added 2017/10/24 6:33 p.m.•42 views

GHSA-R5HC-9XX5-97RW i18n gem Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...

4.3CVSS5.4AI score0.02231EPSS
Exploits0References17
OSV
OSV
•added 2017/10/24 6:33 p.m.•42 views

GHSA-7CGP-C3G7-QVRW actionpack Improper Input Validation vulnerability

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...

5CVSS6.5AI score0.06193EPSS
Exploits0References10
OSV
OSV
•added 2017/09/12 12:0 a.m.•42 views

DSA-3969-1 xen - security update

Bulletin has no description...

10CVSS6.8AI score0.0367EPSS
Exploits0
OSV
OSV
•added 2017/08/23 2:29 p.m.•42 views

PYSEC-2017-41

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS7.6AI score0.87544EPSS
Exploits10References13
OSV
OSV
•added 2017/07/25 12:0 a.m.•42 views

DSA-3918-1 icedove - security update

Bulletin has no description...

9.8CVSS7.8AI score0.05216EPSS
Exploits11
OSV
OSV
•added 2017/07/10 2:29 p.m.•42 views

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...

7.5CVSS9.2AI score
Exploits0References7
OSV
OSV
•added 2017/06/14 12:0 a.m.•42 views

DSA-3881-1 firefox-esr - security update

Bulletin has no description...

9.8CVSS7.8AI score0.05216EPSS
Exploits11
OSV
OSV
•added 2017/06/01 12:0 a.m.•42 views

DSA-3872-1 nss - security update

Bulletin has no description...

9.8CVSS7.6AI score0.04741EPSS
Exploits0
OSV
OSV
•added 2017/05/24 3:29 p.m.•42 views

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

9.8CVSS9.7AI score
Exploits0References2
OSV
OSV
•added 2017/05/18 6:29 a.m.•42 views

CVE-2017-9049

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398...

7.5CVSS8.3AI score
Exploits0References6
OSV
OSV
•added 2017/05/11 8:29 p.m.•42 views

UBUNTU-CVE-2017-8906

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.4, as used by the x265encoderencode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in th...

5.5CVSS6AI score0.00799EPSS
Exploits1References3
OSV
OSV
•added 2017/05/06 12:0 p.m.•42 views

RUSTSEC-2017-0005 Large cookie Max-Age values can cause a denial of service

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5CVSS7.3AI score0.01485EPSS
Exploits0References3
OSV
OSV
•added 2017/04/24 7:59 p.m.•42 views

CVE-2017-3600

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

6.6CVSS5.9AI score
Exploits0References9
OSV
OSV
•added 2017/01/27 10:59 p.m.•42 views

CVE-2017-3238

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.5CVSS6.2AI score
Exploits0References12
OSV
OSV
•added 2017/01/27 12:0 a.m.•42 views

DSA-3773-1 openssl - security update

Bulletin has no description...

7.5CVSS6.9AI score0.57595EPSS
Exploits2
OSV
OSV
•added 2017/01/12 11:59 p.m.•42 views

CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

9.8CVSS7.6AI score
Exploits0References10
OSV
OSV
•added 2017/01/04 8:59 p.m.•42 views

CVE-2016-9935

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS7.7AI score
Exploits0References12
OSV
OSV
•added 2016/12/25 12:0 a.m.•42 views

DLA-764-1 qemu - security update

Bulletin has no description...

6.5CVSS6.4AI score0.00413EPSS
Exploits0
OSV
OSV
•added 2016/10/30 12:0 a.m.•42 views

DLA-689-1 qemu-kvm - security update

Bulletin has no description...

6CVSS6AI score0.00441EPSS
Exploits0
OSV
OSV
•added 2016/09/16 5:59 a.m.•42 views

CVE-2016-2182

The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors...

9.8CVSS6.9AI score
Exploits0References52
OSV
OSV
•added 2016/07/30 12:0 a.m.•42 views

DLA-578-1 openssh - security update

Bulletin has no description...

5.9CVSS6.8AI score0.88944EPSS
Exploits12
OSV
OSV
•added 2016/07/14 12:0 a.m.•42 views

DSA-3618-1 php5 - security update

Bulletin has no description...

9.8CVSS8.8AI score0.15484EPSS
Exploits9
OSV
OSV
•added 2016/07/07 12:0 a.m.•42 views

DLA-545-1 icu - security update

Bulletin has no description...

10CVSS7.4AI score0.07514EPSS
Exploits0
OSV
OSV
•added 2016/06/05 12:0 a.m.•42 views

DSA-3548-3 samba - regression update

Bulletin has no description...

6.8AI score
Exploits0
OSV
OSV
•added 2016/04/07 12:0 a.m.•42 views

DSA-3544-1 python-django - security update

Bulletin has no description...

7.4CVSS5.5AI score0.04035EPSS
Exploits0
OSV
OSV
•added 2016/03/04 12:0 a.m.•42 views

DSA-3505-1 wireshark - security update

Bulletin has no description...

5.5CVSS6AI score0.05488EPSS
Exploits10
OSV
OSV
•added 2016/01/14 12:0 a.m.•42 views

DLA-387-1 openssh - security update

Bulletin has no description...

8.1CVSS6.8AI score0.63468EPSS
Exploits3
OSV
OSV
•added 2016/01/09 12:0 a.m.•42 views

DSA-3437-1 gnutls26 - security update

Bulletin has no description...

5.9CVSS6.6AI score0.0288EPSS
Exploits0
OSV
OSV
•added 2015/12/06 12:0 a.m.•42 views

DLA-360-1 linux-2.6 - security update

Bulletin has no description...

5.9CVSS6.7AI score0.00675EPSS
Exploits3
OSV
OSV
•added 2015/06/10 12:0 a.m.•42 views

DLA-242-1 imagemagick - security update

Bulletin has no description...

6.5CVSS6.1AI score0.02889EPSS
Exploits0
OSV
OSV
•added 2015/02/24 12:0 a.m.•42 views

DLA-157-1 openjdk-6 - security update

Bulletin has no description...

10CVSS5.2AI score0.99999EPSS
Exploits12
OSV
OSV
•added 2015/02/23 12:0 a.m.•42 views

DSA-3169-1 eglibc - security update

Bulletin has no description...

7.8CVSS7AI score0.07688EPSS
Exploits4
OSV
OSV
•added 2015/01/09 12:0 a.m.•42 views

DLA-131-1 file - security update

Bulletin has no description...

5CVSS9.4AI score0.05926EPSS
Exploits0
OSV
OSV
•added 2014/12/21 12:0 a.m.•42 views

DLA-118-1 linux-2.6 - security update

Bulletin has no description...

7.8CVSS6.8AI score0.08579EPSS
Exploits4
OSV
OSV
•added 2014/08/03 12:0 a.m.•42 views

DSA-2995-1 lzo2 - security update

Bulletin has no description...

8.8CVSS9AI score0.05315EPSS
Exploits1
OSV
OSV
•added 2014/05/18 12:0 a.m.•42 views

DSA-2931-1 openssl - security update

Bulletin has no description...

4.3CVSS7.8AI score0.43828EPSS
Exploits0
OSV
OSV
•added 2013/05/14 12:0 a.m.•42 views

DSA-2668-1 linux-2.6 - several

Bulletin has no description...

7.1CVSS6.4AI score0.0285EPSS
Exploits8
OSV
OSV
•added 2013/03/04 12:0 a.m.•42 views

DSA-2637-1 apache2 - several

Bulletin has no description...

4.6CVSS6.5AI score0.22913EPSS
Exploits3
OSV
OSV
•added 2012/09/26 12:0 a.m.•42 views

DSA-2552-1 tiff - several

Bulletin has no description...

7.5CVSS8.1AI score0.08768EPSS
Exploits3
Total number of security vulnerabilities5000