Lucene search
K
OsvMost viewed

907680 matches found

OSV
OSV
•added 2017/07/10 12:0 a.m.•63 views

UBUNTU-CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...

7.5CVSS7.2AI score0.04812EPSS
Exploits0References7
OSV
OSV
•added 2016/09/18 12:0 a.m.•63 views

DLA-628-1 php5 - security update

Bulletin has no description...

9.8CVSS8.2AI score0.15484EPSS
Exploits25
OSV
OSV
•added 2014/09/24 12:0 a.m.•63 views

DSA-3032-1 bash - security update

Bulletin has no description...

10CVSS10AI score0.99999EPSS
Exploits130
OSV
OSV
•added 2009/11/25 12:0 a.m.•63 views

DSA-1940-1 php5 - multiple issues

Bulletin has no description...

7.5CVSS8.1AI score0.12041EPSS
Exploits5
OSV
OSV
•added 2008/03/30 12:0 a.m.•63 views

DSA-1535-1 iceweasel

Bulletin has no description...

9.3CVSS9.8AI score0.06055EPSS
Exploits2
OSV
OSV
•added 2007/07/24 12:0 a.m.•63 views

DSA-1339-1 iceape - several

Bulletin has no description...

9.3CVSS9.6AI score0.04618EPSS
Exploits3
OSV
OSV
•added 2026/06/03 10:20 a.m.•62 views

RHSA-2026:22644 Red Hat Security Advisory: samba security update

Bulletin has no description...

9CVSS5.7AI score0.12797EPSS
Exploits7References28
OSV
OSV
•added 2026/04/14 11:18 p.m.•62 views

GHSA-FF5Q-CC22-FGP4 WWBN AVideo has a CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) Exposes Authenticated API Responses

Summary The CORS origin validation fix in commit 986e64aad is incomplete. Two separate code paths still reflect arbitrary Origin headers with credentials allowed for all /api/ endpoints: 1 plugin/API/router.php lines 4-8 unconditionally reflect any origin before application code runs, and 2...

7.1CVSS6.1AI score0.00132EPSS
Exploits1References4
OSV
OSV
•added 2025/01/08 7:20 a.m.•62 views

BIT-REDIS-2024-51741 Redis allows denial-of-service due to malformed ACL selectors

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2...

4.4CVSS5.4AI score0.00299EPSS
Exploits0References5
OSV
OSV
•added 2024/10/03 6:26 p.m.•62 views

GHSA-593M-55HH-J8GV Sentry SDK Prototype Pollution gadget in JavaScript SDKs

Impact In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue. !NOTE This...

6.3CVSS7.2AI score
Exploits0References6
OSV
OSV
•added 2024/10/02 11:22 a.m.•62 views

RHSA-2023:5931 Red Hat Security Advisory: Satellite 6.13.5 Async Security Update

Bulletin has no description...

9.8CVSS8.3AI score0.99999EPSS
Exploits26References84
OSV
OSV
•added 2024/09/23 8:29 a.m.•62 views

SUSE-SU-2024:3383-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session bsc1229827. - CVE-2024-43899: drm/amd/display: Fix null pointer deref in...

9.1CVSS8.4AI score0.01219EPSS
Exploits11References874
OSV
OSV
•added 2024/08/21 4:4 p.m.•62 views

GO-2022-1236 usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos

usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos...

8.1CVSS8.1AI score0.00761EPSS
Exploits1References4
OSV
OSV
•added 2024/05/22 12:0 a.m.•62 views

ALSA-2024:3271 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

7.5CVSS8.3AI score0.99995EPSS
Exploits1References8
OSV
OSV
•added 2024/04/02 7:34 p.m.•62 views

GO-2024-2668 Login username enumeration in github.com/IceWhaleTech/CasaOS-UserService

The Casa OS Login page has a username enumeration vulnerability in the login page that was patched in Casa OS v0.4.7. The issue exists because the application response differs depending on whether the username or password is incorrect, allowing an attacker to enumerate usernames by observing the...

7.5CVSS6.3AI score0.00618EPSS
Exploits1References1
OSV
OSV
•added 2024/04/01 12:0 a.m.•62 views

ASB-A-311374917

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS7.8AI score0.0009EPSS
Exploits0References2
OSV
OSV
•added 2024/03/06 11:23 a.m.•62 views

BIT-GITLAB-2020-10088

GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level...

8.1CVSS7.9AI score0.00814EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 11:23 a.m.•62 views

BIT-GITLAB-2020-10091

GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types...

6.1CVSS5.8AI score0.00691EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 11:11 a.m.•62 views

BIT-GITLAB-2023-1401 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization...

5CVSS4.4AI score0.00432EPSS
Exploits1References3
OSV
OSV
•added 2024/02/29 1:44 a.m.•62 views

CVE-2024-23807

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...

9.8CVSS7.1AI score
Exploits0References2
OSV
OSV
•added 2024/02/19 9:15 a.m.•62 views

CVE-2024-26308

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue...

5.5CVSS6.8AI score
Exploits0References3
OSV
OSV
•added 2024/01/29 10:41 p.m.•62 views

CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.5CVSS6.6AI score0.0102EPSS
Exploits1References8
OSV
OSV
•added 2024/01/25 9:15 p.m.•62 views

CVE-2023-52251

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages...

8.8CVSS8AI score0.85025EPSS
Exploits5References2
OSV
OSV
•added 2023/11/14 8:36 p.m.•62 views

GHSA-XX9P-XXVH-7G8J Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the http protocol. As we know that HTTP/1.1 is persistent, if we have both Content-LengthCL and Transfer-EncodingTE it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...

3.4CVSS6AI score0.00827EPSS
Exploits1References7
OSV
OSV
•added 2023/10/27 9:55 p.m.•62 views

GHSA-7C2Q-5QMR-V76Q DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods or more specifically...

7.5CVSS7.2AI score
Exploits0References2
OSV
OSV
•added 2023/10/26 8:53 p.m.•62 views

GHSA-X9W5-V3Q2-3RHW browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

Summary An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. Details In dsaVerify function, it checks whether the value of the signature is legal by calling...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References8
OSV
OSV
•added 2023/10/18 8:17 p.m.•62 views

CVE-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...

3.6CVSS4.7AI score0.00444EPSS
Exploits0References9
OSV
OSV
•added 2023/08/22 12:0 p.m.•62 views

RUSTSEC-2023-0053 rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.5CVSS7.7AI score0.06325EPSS
Exploits0References2
OSV
OSV
•added 2023/08/11 12:0 a.m.•62 views

DSA-5474-1 intel-microcode - security update

Bulletin has no description...

7.2CVSS7AI score0.03882EPSS
Exploits1
OSV
OSV
•added 2023/06/22 9:30 p.m.•62 views

GHSA-MPV3-G8M3-3FJC Grafana vulnerable to Authentication Bypass by Spoofing

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app...

9.4CVSS9.6AI score0.04094EPSS
Exploits0References6
OSV
OSV
•added 2023/05/17 9:30 p.m.•62 views

GHSA-WJQ3-7JXX-WHJ9 mlflow Path Traversal vulnerability

mlflow prior to 2.3.0 is vulnerable to path traversal due to a bypass of the fix for CVE-2023-1177...

9.8CVSS9.3AI score0.06311EPSS
Exploits1References5
OSV
OSV
•added 2023/03/15 9:15 p.m.•62 views

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

7.5CVSS6.9AI score
Exploits0References7
OSV
OSV
•added 2023/01/10 12:0 a.m.•62 views

DSA-5312-1 libjettison-java - security update

Bulletin has no description...

7.5CVSS7.2AI score0.01395EPSS
Exploits2
OSV
OSV
•added 2022/12/12 6:15 p.m.•62 views

PYSEC-2022-43002

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2...

9.8CVSS6.9AI score0.00789EPSS
Exploits1References5
OSV
OSV
•added 2022/09/05 12:0 a.m.•62 views

DLA-3099-1 qemu - security update

Bulletin has no description...

8.8CVSS6.7AI score0.02904EPSS
Exploits12
OSV
OSV
•added 2022/07/12 12:0 a.m.•62 views

OSV-2022-572 Heap-buffer-overflow in dhcp_reply

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49002 Crash type: Heap-buffer-overflow READ 1 Crash state: dhcpreply dhcppacket FuzzDhcp...

7.2AI score
Exploits0References1
OSV
OSV
•added 2022/07/05 12:0 a.m.•62 views

DSA-5177-1 ldap-account-manager - security update

Bulletin has no description...

9CVSS6.2AI score0.02346EPSS
Exploits2
OSV
OSV
•added 2022/05/24 5:16 p.m.•62 views

GHSA-GV2W-88HX-8M9R Improper Authorization in Undertoe

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

8.6CVSS9.6AI score0.9927EPSS
Exploits45References5
OSV
OSV
•added 2022/04/11 9:38 p.m.•62 views

GHSA-GX8X-G87M-H5Q6 Denial of Service (DoS) in Nokogiri on JRuby

Summary Nokogiri v1.13.4 updates the vendored org.cyberneko.html library to 1.9.22.noko2 which addresses CVE-2022-24839. That CVE is rated 7.5 High Severity. See GHSA-9849-p7jc-9rmv for more information. Please note that this advisory only applies to the JRuby implementation of Nokogiri = 1.13.4...

7.5CVSS7.5AI score0.02114EPSS
Exploits0References7
OSV
OSV
•added 2022/02/09 12:46 a.m.•62 views

GHSA-CMX4-P4V5-HMR5 Server-side request forgery (SSRF) in Apache Batik

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

7.5CVSS8.3AI score0.1074EPSS
Exploits0References16
OSV
OSV
•added 2022/01/06 9:12 p.m.•62 views

GHSA-3CF2-X423-X582 Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman

A flaw was found in podman. The podman machine function used to create and manage Podman virtual machine containing a Podman process spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5CVSS6.6AI score0.01057EPSS
Exploits1References5
OSV
OSV
•added 2022/01/04 12:0 a.m.•62 views

DSA-5035-1 apache2 - security update

Bulletin has no description...

9.8CVSS8.9AI score0.97108EPSS
Exploits4
OSV
OSV
•added 2021/10/01 12:0 a.m.•62 views

ASB-A-175451844

In several functions of ttyio.c and related files, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.4CVSS6.9AI score0.00468EPSS
Exploits1References2
OSV
OSV
•added 2021/09/30 5:10 p.m.•62 views

GHSA-XV7V-RF6G-XWRC Directory Traversal in typo3/phar-stream-wrapper

The PharStreamWrapper aka phar-stream-wrapper package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL...

9.8CVSS9.4AI score0.05586EPSS
Exploits0References26
OSV
OSV
•added 2021/05/19 11:2 p.m.•62 views

GHSA-HPW7-3VQ3-MMV6 Insecure deserialization in Wire

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...

9.1CVSS9AI score0.01584EPSS
Exploits1References3
OSV
OSV
•added 2021/05/17 8:52 p.m.•62 views

GHSA-7RRM-V45F-JP64 Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12

Summary Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 Medium severity - CVE-2020-24977 Medium severity - CVE-2021-3517 Medium severity - CVE-2021-3518 Medium severity - CVE-2021-3537 Low severity - CVE-2021-3541 Low severity Note that two...

6.5CVSS7.2AI score0.01861EPSS
Exploits0References4
OSV
OSV
•added 2021/05/13 10:29 p.m.•62 views

GHSA-2MQ8-99Q7-55WX Code injection in keycloak

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.3CVSS7.4AI score0.0119EPSS
Exploits0References4
OSV
OSV
•added 2021/04/10 12:0 a.m.•62 views

DLA-2623-1 qemu - security update

Bulletin has no description...

6.5CVSS6.5AI score0.00587EPSS
Exploits2
OSV
OSV
•added 2021/02/11 12:0 a.m.•62 views

DLA-2555-1 netty - security update

Bulletin has no description...

6.2CVSS6.6AI score0.01777EPSS
Exploits1
OSV
OSV
•added 2020/12/18 12:0 a.m.•62 views

DLA-2500-1 curl - security update

Bulletin has no description...

7.5CVSS6.4AI score0.09917EPSS
Exploits2
Total number of security vulnerabilities5000