OSV bulletins, sorted by most viewed
907650 matches found

OSV | added 2011/09/22 12:0 a.m. | 71 views
DSA-2310-1 linux-2.6 - several issues
Bulletin has no description...
CVSS 9.1 | AI score 7.5 | EPSS 0.05689 | Exploits 13

OSV | added 2008/03/06 12:0 a.m. | 71 views
DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities
Bulletin has no description...
CVSS 7.8 | AI score 6.8 | EPSS 0.05605 | Exploits 9

OSV | added 2008/02/09 12:0 a.m. | 71 views
DSA-1488-1 phpbb2 - several vulnerabilities
Bulletin has no description...
CVSS 10 | AI score 6 | EPSS 0.01584 | Exploits 1

OSV | added 2005/01/17 12:0 a.m. | 71 views
DSA-642-1 gallery - several
Bulletin has no description...
CVSS 6.8 | AI score 6.1 | EPSS 0.01477 | Exploits 0

OSV | added 2024/10/15 6:20 a.m. | 70 views
RHSA-2024:8083 Red Hat Security Advisory: grafana security update
Bulletin has no description...
CVSS 8.2 | AI score 8.1 | EPSS 0.00634 | Exploits 0 | References 10

OSV | added 2024/07/26 7:28 a.m. | 70 views
BIT-NGINX-INGRESS-CONTROLLER-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVSS 7.5 | AI score 8.2 | EPSS 0.99999 | Exploits 19 | References 179

OSV | added 2024/05/09 6:50 p.m. | 70 views
RLSA-2024:2778 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in ares__read_line (CVE-2024-25629); nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: using the fetch function to...
CVSS 8.2 | AI score 6.9 | EPSS 0.87211 | Exploits 2 | References 6

OSV | added 2024/05/06 1:4 p.m. | 70 views
RLSA-2024:1687 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809); nodejs: reading unprocessed HTT...
CVSS 9.8 | AI score 7.4 | EPSS 0.03168 | Exploits 0 | References 8

OSV | added 2024/03/04 5:29 p.m. | 70 views
GO-2024-2587 SQL injection in github.com/apache/age/drivers/golang
SQL injection in github.com/apache/age/drivers/golang...
CVSS 8.1 | AI score 8.4 | EPSS 0.00948 | Exploits 0 | References 2

OSV | added 2023/11/30 7:15 a.m. | 70 views
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVSS 5.3 | AI score 5.1 | EPSS 0.00874 | Exploits 1 | References 4

OSV | added 2023/06/01 4:4 p.m. | 70 views
CVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflow
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS ...
CVSS 7.5 | AI score 6.6 | EPSS 0.01473 | Exploits 1 | References 4

OSV | added 2023/04/12 1:41 a.m. | 70 views
RLSA-2023:1670 Important: httpd and mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVSS 9.8 | AI score 8.8 | EPSS 0.8377 | Exploits 5 | References 2

OSV | added 2023/02/28 12:0 a.m. | 70 views
ALSA-2023:0953 Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVSS 7.5 | AI score 8 | EPSS 0.02453 | Exploits 1 | References 4

OSV | added 2022/09/28 12:0 a.m. | 70 views
DSA-5243-1 lighttpd - security update
Bulletin has no description...
CVSS 7.5 | AI score 7.5 | EPSS 0.02714 | Exploits 5

OSV | added 2018/09/18 1:49 p.m. | 70 views
GHSA-C2VR-2C89-PH88 Downloads Resources over HTTP in node-bsdiff-android
Affected versions of node-bsdiff-android insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...
CVSS 8.1 | AI score 8.1 | EPSS 0.00578 | Exploits 0 | References 4

OSV | added 2016/09/02 12:0 a.m. | 70 views
DLA-609-1 linux - security update
Bulletin has no description...
CVSS 9.3 | AI score 7 | EPSS 0.15073 | Exploits 8

OSV | added 2025/03/31 4:5 p.m. | 69 views
CGA-XCXW-9493-3GQ3
Bulletin has no description...
CVSS 8.7 | AI score 7.2 | EPSS 0.00369 | Exploits 0

OSV | added 2024/08/19 5:26 p.m. | 69 views
GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush
An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...
CVSS 9.1 | AI score 9.1 | EPSS 0.00308 | Exploits 0 | References 4

OSV | added 2024/05/14 10:33 a.m. | 69 views
BIT-PYTHON-2024-4030
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...
CVSS 7.1 | AI score 7.1 | EPSS 0.003 | Exploits 0 | References 15

OSV | added 2024/03/06 11:23 a.m. | 69 views
BIT-GITLAB-2020-10084
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace...
CVSS 5.3 | AI score 5 | EPSS 0.0091 | Exploits 0 | References 3

OSV | added 2024/03/06 10:55 a.m. | 69 views
BIT-APACHE-2021-36160 mod_proxy_uwsgi out of bound read
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...
CVSS 7.5 | AI score 8.5 | EPSS 0.62887 | Exploits 0 | References 25

OSV | added 2024/01/28 4:15 a.m. | 69 views
CVE-2024-23740
An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings...
CVSS 9.8 | AI score 8 | EPSS 0.01456 | Exploits 0 | References 2

OSV | added 2023/03/18 9:30 p.m. | 69 views
GHSA-PMHG-CMJC-3875 Ansible Semaphore mishandles authentication
api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication...
CVSS 9.8 | AI score 9.4 | EPSS 0.00873 | Exploits 0 | References 4

OSV | added 2022/12/06 6:15 p.m. | 69 views
PYSEC-2022-42997
Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...
CVSS 7.5 | AI score 6.9 | EPSS 0.00791 | Exploits 0 | References 3

OSV | added 2022/05/13 1:9 a.m. | 69 views
GHSA-2G99-C67P-56HM XML Signature/Encryption Not Validated in Apache CXF
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
CVSS 10 | AI score 5.8 | EPSS 0.04112 | Exploits 1 | References 18

OSV | added 2022/05/09 6:15 p.m. | 69 views
CVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...
CVSS 9.8 | AI score 2.8 | EPSS 0.02744 | Exploits 0 | References 5

OSV | added 2022/05/03 12:0 a.m. | 69 views
GHSA-QP49-3PVW-X4M5 sinatra does not validate expanded path matches
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files...
CVSS 7.5 | AI score 7.5 | EPSS 0.02059 | Exploits 0 | References 8

OSV | added 2022/01/13 3:5 p.m. | 69 views
GHSA-7P8F-8HJM-WM92 Lookup operations do not take into account wildcards in SpiceDB
Impact: Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not accessible by virtue of the inclusion of the wildcard in the intersection or the rig...
CVSS 8.1 | AI score 7.9 | EPSS 0.01472 | Exploits 0 | References 6

OSV | added 2018/08/21 7:3 p.m. | 69 views
GHSA-FR52-4HQW-P27F Nokogiri does not forbid namespace nodes in XPointer ranges
xpointer.c in libxml2 before 2.9.5 (as used in nokogiri before 1.7.1 amongst other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document...
CVSS 9.8 | AI score 8 | EPSS 0.08628 | Exploits 0 | References 11

OSV | added 2017/11/07 12:0 a.m. | 69 views
DLA-1166-1 tomcat7 - security update
Bulletin has no description...
CVSS 8.1 | AI score 6.9 | EPSS 0.99988 | Exploits 23

OSV | added 2017/10/19 12:0 a.m. | 69 views
DSA-4002-1 mysql-5.5 - security update
Bulletin has no description...
CVSS 6.5 | AI score 6.1 | EPSS 0.03264 | Exploits 0

OSV | added 2016/05/31 12:0 a.m. | 69 views
DLA-499-1 php5 - security update
Bulletin has no description...
CVSS 9.8 | AI score 8.1 | EPSS 0.19455 | Exploits 15

OSV | added 2015/07/25 12:0 a.m. | 69 views
DLA-282-1 lighttpd - security update
Bulletin has no description...
CVSS 4.3 | AI score 4.9 | EPSS 0.99999 | Exploits 7

OSV | added 2026/06/12 12:25 p.m. | 68 views
OESA-2026-2645 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability, which was classifie...
CVSS 8.8 | AI score 4.6 | EPSS 0.00581 | Exploits 4 | References 5

OSV | added 2024/07/16 7:32 p.m. | 68 views
GHSA-Q5FM-55C2-V6J9 Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Summary: Vulnerability scan of fiona shows CVE-2023-45853. The vulnerability is in GDAL, a dependency of fiona. Details: Fiona depends on GDAL and GDAL has a port of minizip. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a...
CVSS 9.8 | AI score 7.7 | EPSS 0.02918 | Exploits 0 | References 5

OSV | added 2024/05/07 2:29 p.m. | 68 views
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVSS 7.1 | AI score 6.6 | EPSS 0.01064 | Exploits 1 | References 8

OSV | added 2024/03/06 10:59 a.m. | 68 views
BIT-NGINX-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
CVSS 7.7 | AI score 6.4 | EPSS 0.52838 | Exploits 10 | References 15

OSV | added 2024/03/06 10:51 a.m. | 68 views
BIT-ELASTICSEARCH-2023-31419 Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
CVSS 7.5 | AI score 6.5 | EPSS 0.60679 | Exploits 4 | References 4

OSV | added 2024/02/09 9:15 a.m. | 68 views
CVE-2024-25674
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type...
CVSS 9.8 | AI score 7.2 | Exploits 0 | References 2

OSV | added 2023/11/02 9:44 p.m. | 68 views
GO-2023-2160 Panic during QUIC handshake in github.com/quic-go/quic-go
The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic...
CVSS 7.5 | AI score 7.4 | EPSS 0.00765 | Exploits 0 | References 2

OSV | added 2023/10/24 8:27 p.m. | 68 views
GO-2023-2137 Credentials leak in github.com/ydb-platform/ydb-go-sdk/v3
A custom credentials object that does not implement the fmt.Stringer interface may leak sensitive information (e.g., credentials) via logs...
CVSS 5.5 | AI score 5.2 | EPSS 0.00219 | Exploits 0 | References 3

OSV | added 2023/10/11 4:49 p.m. | 68 views
GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
CVSS 7.5 | AI score 7.7 | EPSS 0.99999 | Exploits 19 | References 4

OSV | added 2023/08/22 7:16 p.m. | 68 views
CVE-2022-48174
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution...
CVSS 9.8 | AI score 8.2 | Exploits 0 | References 3

OSV | added 2023/03/20 12:0 a.m. | 68 views
DSA-5376-1 apache2 - security update
Bulletin has no description...
CVSS 9.8 | AI score 7.8 | EPSS 0.8377 | Exploits 5

OSV | added 2023/02/08 12:35 a.m. | 68 views
GHSA-74FP-R6JW-H4MP Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...
CVSS 7.5 | AI score 7.4 | EPSS 0.25939 | Exploits 2 | References 8

OSV | added 2022/11/22 7:15 p.m. | 68 views
PYSEC-2022-42995
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...
CVSS 5.1 | AI score 6.6 | EPSS 0.00247 | Exploits 0 | References 5

OSV | added 2022/10/31 6:15 a.m. | 68 views
CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...
CVSS 7.5 | AI score 5.3 | Exploits 0 | References 2

OSV | added 2022/10/01 12:0 a.m. | 68 views
ASB-A-195410559
In bta_dm_remove_device of bta_dm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
AI score 6.3 | Exploits 0 | References 3

OSV | added 2022/07/15 11:30 p.m. | 68 views
GO-2022-0492 Path traversal in github.com/argoproj/argo-events
GitArtifactReader is vulnerable to directory traversal attacks. The GitArtifactReader.Read function reads and returns the contents of a Git repository file. A maliciously crafted repository can exploit this to cause Read to read from arbitrary files on the filesystem...
CVSS 7.5 | AI score 7.3 | EPSS 0.01815 | Exploits 1 | References 2

OSV | added 2022/05/14 1:28 a.m. | 68 views
GHSA-X5QJ-9VMX-7G6G Improper Input Validation in .Net Framework API's
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'...
CVSS 5.9 | AI score 6.8 | EPSS 0.04518 | Exploits 0 | References 6

Total number of security vulnerabilities: 5000