OSV | Most viewed

907645 matches found

OSV • added 2023/10/26 3:15 p.m. • 72 views

CVE-2023-45869

ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

CVSS 9 | AI score 6.7 | EPSS 0.00765
Exploits: 1 | References: 2

OSV • added 2023/04/11 9:48 p.m. • 72 views

GHSA-PXVG-2QJ5-37JQ Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Summary: Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to v2.10.4 from v2.10.3. libxml2 v2.10.4 addresses the following known vulnerabilities: - CVE-2023-29469: Hashing of empty dict strings isn't deterministic - CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexTyp...

CVSS 6.5 | AI score 6.6 | EPSS 0.01086
Exploits: 1 | References: 8

OSV • added 2023/03/30 8:16 p.m. • 72 views

GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary: An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details: Unpacking files using the...

CVSS 8.5 | AI score 8.7 | EPSS 0.00883
Exploits: 1 | References: 7

OSV • added 2023/01/10 12:0 a.m. • 72 views

DSA-5313-1 hsqldb - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.7 | EPSS 0.03519
Exploits: 1

OSV • added 2022/10/18 12:0 a.m. • 72 views

DSA-5256-1 bcel - security update

Bulletin has no description...

CVSS 7.5 | AI score 8 | EPSS 0.17673
Exploits: 2

OSV • added 2022/07/06 12:0 a.m. • 72 views

DSA-5178-1 intel-microcode - security update

Bulletin has no description...

CVSS 5.5 | AI score 7 | EPSS 0.06451
Exploits: 0

OSV • added 2022/06/11 12:0 a.m. • 72 views

DSA-5161-1 linux - security update

Bulletin has no description...

CVSS 8.2 | AI score 6.9 | EPSS 0.03134
Exploits: 7

OSV • added 2022/05/24 5:9 p.m. • 72 views

GHSA-VJCM-J85R-7P68 DNN File Upload Vulnerability

DNN (formerly DotNetNuke) through 9.4.4 has a file upload vulnerability via bypassing the client-side file extension check...

CVSS 6.5 | AI score 6.4 | EPSS 0.01815
Exploits: 3 | References: 5

OSV • added 2022/01/06 9:8 p.m. • 72 views

GHSA-F8X6-M9F5-FFP8 Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager

This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload...

CVSS 6.7 | AI score 8.9 | EPSS 0.01821
Exploits: 0 | References: 7

OSV • added 2022/01/01 12:15 a.m. • 72 views

PYSEC-2022-25

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation...

CVSS 5.5 | AI score 3.4 | EPSS 0.0155
Exploits: 1 | References: 5

OSV • added 2021/10/12 10:2 p.m. • 72 views

GHSA-267X-W5HX-8HJR Integer Overflow or Wraparound in OpenCV

In opencv/modules/imgcodecs/src/grfmtpxm.cpp, the function ReadNumber did not check the input length, which led to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 corresponding with OpenCV-Python version 3.3.0.9 and...

CVSS 8.8 | AI score 8.8 | EPSS 0.02699
Exploits: 0 | References: 7

OSV • added 2021/06/08 8:11 p.m. • 72 views

GHSA-XX8F-QF9F-5FGW Remote code execution in zendframework and laminas-http

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

CVSS 9.8 | AI score 9.7 | EPSS 0.75313
Exploits: 3 | References: 6

OSV • added 2020/12/09 12:0 a.m. • 72 views

DLA-2485-1 golang-golang-x-net-dev - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.2 | EPSS 0.83433
Exploits: 1

OSV • added 2020/07/01 12:0 a.m. • 72 views

OSV-2020-662 UNKNOWN READ in wmem_strdup_printf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13725 Crash type: UNKNOWN READ Crash state: wmem_strdup_printf dissectparametersequence dissectrtpssubmessagev2...

AI score 7.2
Exploits: 0 | References: 1

OSV • added 2020/06/03 9:58 p.m. • 72 views

GHSA-9722-RR68-RFPG Upload whitelisted files to any directory in OctoberCMS

Impact: An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the...

CVSS 3.4 | AI score 3.5 | EPSS 0.0118
Exploits: 3 | References: 5

OSV • added 2020/06/02 2:15 p.m. • 72 views

CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

CVSS 6 | AI score 7.2
Exploits: 0 | References: 9

OSV • added 2019/08/13 9:15 p.m. • 72 views

CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.5 | AI score 2.9
Exploits: 0 | References: 47

OSV • added 2012/08/30 12:0 a.m. • 72 views

DSA-2537-1 typo3-src - several

Bulletin has no description...

CVSS 4.6 | AI score 6 | EPSS 0.0212
Exploits: 1

OSV • added 2009/05/06 12:0 a.m. • 72 views

DSA-1794-1 linux-2.6 - multiple vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 6.2 | EPSS 0.1673
Exploits: 20

OSV • added 2007/10/02 12:0 a.m. • 72 views

DSA-1381-2 linux-2.6

Bulletin has no description...

CVSS 7.2 | AI score 5.9 | EPSS 0.0082
Exploits: 0

OSV • added 2004/07/22 12:0 a.m. • 72 views

DSA-532 libapache-mod-ssl - several vulnerabilities

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.37681
Exploits: 0

OSV • added 2026/06/11 6:49 a.m. • 71 views

MAL-2026-5617 Malicious code in sysnu (npm)

Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8. On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

AI score 5.6
Exploits: 0 | References: 2

OSV • added 2024/10/22 12:6 p.m. • 71 views

BIT-PYTHON-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 6.5 | EPSS 0.02507
Exploits: 1 | References: 47

OSV • added 2024/09/13 9:32 p.m. • 71 views

RHSA-2024:4719 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

CVSS 9.8 | AI score 8.8 | EPSS 0.99957
Exploits: 1 | References: 19

OSV • added 2024/07/17 12:0 a.m. • 71 views

ALSA-2024:4573 Important: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK: Excessive...

CVSS 7.4 | AI score 6.9 | EPSS 0.01257
Exploits: 0 | References: 13

OSV • added 2024/06/06 12:30 p.m. • 71 views

CGA-XVXC-42Q3-JGJ4

Bulletin has no description...

CVSS 7.5 | AI score 7.7 | EPSS 0.03796
Exploits: 0

OSV • added 2024/06/06 12:21 p.m. • 71 views

CGA-2P5W-7GJQ-WWX3

Bulletin has no description...

CVSS 7.5 | AI score 7 | EPSS 0.01042
Exploits: 0

OSV • added 2024/03/06 11:23 a.m. • 71 views

BIT-GITLAB-2020-10087

GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...

CVSS 7.5 | AI score 7.4 | EPSS 0.01174
Exploits: 0 | References: 3

OSV • added 2024/03/06 10:59 a.m. • 71 views

BIT-NGINX-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

CVSS 7.8 | AI score 7.2 | EPSS 0.00756
Exploits: 2 | References: 8

OSV • added 2024/03/06 10:57 a.m. • 71 views

BIT-APACHE-2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

CVSS 6.1 | AI score 7.1 | EPSS 0.56691
Exploits: 0 | References: 28

OSV • added 2024/03/06 10:55 a.m. • 71 views

BIT-APACHE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVSS 7.5 | AI score 7.8 | EPSS 0.46179
Exploits: 1 | References: 14

OSV • added 2024/03/06 10:55 a.m. • 71 views

BIT-APACHE-2021-34798 NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 7.5 | AI score 8.7 | EPSS 0.64509
Exploits: 0 | References: 18

OSV • added 2023/11/29 8:15 p.m. • 71 views

CVE-2023-48952

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 1

OSV • added 2023/10/23 7:15 a.m. • 71 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 2

OSV • added 2023/08/24 2:15 a.m. • 71 views

CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 3

OSV • added 2023/04/04 3:30 p.m. • 71 views

GHSA-GQ63-P39P-JRJF Withdrawn: SQL injection in Yii 2

Withdrawn Advisory: This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description: SQL injection vulnerability found in Yii Framework Yii 2 Framework before...

CVSS 9.8 | AI score 9.7 | EPSS 0.01822
Exploits: 1 | References: 5

OSV • added 2023/02/13 8:49 p.m. • 71 views

CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4 | AI score 5.3 | EPSS 0.00694
Exploits: 1 | References: 7

OSV • added 2022/07/31 12:0 a.m. • 71 views

DSA-5196-1 libpgjava - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.4 | EPSS 0.0301
Exploits: 1

OSV • added 2022/07/12 12:0 p.m. • 71 views

RUSTSEC-2022-0084 libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause a victim p2p node to run out of memory. The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector. Users should upgrade or reference the DoS mitigation...

CVSS 7.5 | AI score 7.3 | EPSS 0.00689
Exploits: 0 | References: 3

OSV • added 2022/03/24 12:18 a.m. • 71 views

GHSA-2F5V-8R3F-8PWW Improper access control allows admin privilege escalation in Argo CD

Impact: Impacts for versions starting with v1.0.0: All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. To perform the following exploits, an authorized Argo CD use...

CVSS 9.9 | AI score 8.6 | EPSS 0.01201
Exploits: 1 | References: 7

OSV • added 2022/01/21 6:53 p.m. • 71 views

GHSA-82V2-MX6X-WQ7Q Incorrect Default Permissions in log4js

Impact: Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...

CVSS 5.5 | AI score 5.6 | EPSS 0.00302
Exploits: 0 | References: 7

OSV • added 2021/10/02 12:0 a.m. • 71 views

DLA-2776-1 apache2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.4 | EPSS 0.99999
Exploits: 5

OSV • added 2021/04/13 3:17 p.m. • 71 views

GHSA-WHQ6-MJ2R-MJQC OS Command Injection in lsof

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

CVSS 9.8 | AI score 9.6 | EPSS 0.02642
Exploits: 1 | References: 2

OSV • added 2019/08/29 12:15 p.m. • 71 views

CVE-2019-15782

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 3

OSV • added 2019/06/06 3:30 p.m. • 71 views

GHSA-G95F-P29Q-9XW4 Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description: Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...

CVSS 3.7 | AI score 5.3
Exploits: 0 | References: 3

OSV • added 2019/02/16 12:0 a.m. • 71 views

DLA-1679-1 php5 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.9 | EPSS 0.65116
Exploits: 11

OSV • added 2016/09/16 5:59 a.m. • 71 views

CVE-2016-2179

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to...

CVSS 7.5 | AI score 5.4
Exploits: 0 | References: 23

OSV • added 2014/05/31 12:0 a.m. • 71 views

DSA-2942-1 typo3-src - security update

Bulletin has no description...

CVSS 6 | AI score 5.1 | EPSS 0.02662
Exploits: 0

OSV • added 2011/09/22 12:0 a.m. • 71 views

DSA-2310-1 linux-2.6 - several issues

Bulletin has no description...

CVSS 9.1 | AI score 7.5 | EPSS 0.05689
Exploits: 13

OSV • added 2008/03/06 12:0 a.m. • 71 views

DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities

Bulletin has no description...

CVSS 7.8 | AI score 6.8 | EPSS 0.05605
Exploits: 9

Total number of security vulnerabilities: 5000