Lucene search
K
OsvMost viewed

921352 matches found

OSV
OSV
added 2024/05/14 6:54 p.m.65 views

CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

3.9CVSS6.7AI score0.00519EPSS
Exploits1References7
OSV
OSV
added 2024/05/10 2:32 p.m.65 views

RLSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.91327EPSS
Exploits2References2
OSV
OSV
added 2024/04/02 12:0 a.m.65 views

ALSA-2024:1644 Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloa...

7.5CVSS8AI score0.01533EPSS
Exploits0References4
OSV
OSV
added 2024/03/15 7:53 p.m.65 views

GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

8.1CVSS8.1AI score0.00796EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 10:58 a.m.65 views

BIT-NATS-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...

6.5CVSS6.4AI score0.02251EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:53 a.m.65 views

BIT-APACHE-2022-28330 read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

5.3CVSS7AI score0.03398EPSS
Exploits0References4
OSV
OSV
added 2024/02/20 12:0 a.m.65 views

ALSA-2024:0889 Moderate: oniguruma security update

Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: Use-after-free in onignewdeluxe in regext.c CVE-2019-13224 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c CVE-2019-16163 oniguruma: integer overflow i...

9.8CVSS8.4AI score0.10539EPSS
Exploits6References12
OSV
OSV
added 2023/10/03 12:0 a.m.65 views

DSA-5514-1 glibc - security update

Bulletin has no description...

7.8CVSS8.1AI score0.81422EPSS
Exploits27
OSV
OSV
added 2023/05/09 12:0 a.m.65 views

ALSA-2023:2167 Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS7AI score0.02607EPSS
Exploits1References12
OSV
OSV
added 2023/03/23 8:0 p.m.65 views

GHSA-MFVG-QWCW-QVC8 baserCMS allows any file to be uploaded

There is a vulnerability that allows uploading any files to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. Target baserCMS 4.7.3 and earli...

9.8CVSS9.4AI score0.01089EPSS
Exploits0References6
OSV
OSV
added 2022/11/21 11:58 p.m.65 views

GHSA-VV3R-FXQP-VR3F XSS via uploaded gpx file

A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer all...

5.4CVSS5.2AI score0.00516EPSS
Exploits0References6
OSV
OSV
added 2022/07/11 8:59 p.m.65 views

GHSA-CM59-PR5Q-CW85 Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. The vulnerable method is used to create a work directory for embedd...

7.8CVSS7.5AI score0.00583EPSS
Exploits1References4
OSV
OSV
added 2022/05/03 12:0 a.m.65 views

DSA-5128-1 openjdk-17 - security update

Bulletin has no description...

7.5CVSS6.8AI score0.48235EPSS
Exploits6
OSV
OSV
added 2022/04/01 12:0 a.m.65 views

DSA-5111-1 zlib - security update

Bulletin has no description...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
OSV
OSV
added 2021/07/17 3:3 p.m.65 views

UVI-2021-1001147 CWE-89 in Secure Remote Access (SRA) version 8.x, 9.0.0.9-26sv and earlier

SonicWall is aware of improper neutralization of a SQL Command leading to SQL Injection vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware or an old version of firmware 9.x 9.0.0.9-26sv or...

8.3AI score
Exploits0References1
OSV
OSV
added 2021/05/18 6:20 p.m.65 views

GHSA-75PC-QVWC-JF3G Improper Input Validation in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 in Go package github.com/hashicorp/vault-plugin-secrets-gcp/plugin has Incorrect Access Control...

9.8CVSS9.4AI score0.01522EPSS
Exploits0References6
OSV
OSV
added 2021/02/16 12:0 a.m.65 views

DLA-2560-1 qemu - security update

Bulletin has no description...

7.5CVSS6.2AI score0.0183EPSS
Exploits3
OSV
OSV
added 2020/11/21 9:15 p.m.65 views

PYSEC-2020-108

DISPUTED svmpredictvalues in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service segmentation fault via a crafted model SVM introduced via pickle, json, or any other model permanence standard with a large value in the nsupport...

7.5CVSS6.2AI score0.03429EPSS
Exploits3References5
OSV
OSV
added 2020/10/22 12:0 p.m.65 views

RUSTSEC-2020-0059 MutexGuard::map can cause a data race in safe code

Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could of led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...

4.7CVSS4.7AI score0.00261EPSS
Exploits1References3
OSV
OSV
added 2020/09/03 12:0 p.m.65 views

RUSTSEC-2020-0039 `index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

9.1CVSS8.1AI score0.0151EPSS
Exploits0References3
OSV
OSV
added 2020/06/15 7:36 p.m.65 views

GHSA-MM9X-G8PC-W292 Denial of Service in Netty

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS7.5AI score0.09438EPSS
Exploits0References46
OSV
OSV
added 2020/06/11 12:0 a.m.65 views

DSA-4701-1 intel-microcode - security update

Bulletin has no description...

5.5CVSS6.5AI score0.00587EPSS
Exploits0
OSV
OSV
added 2019/06/17 12:0 a.m.65 views

DLA-1823-1 linux - security update

Bulletin has no description...

9.8CVSS6.6AI score0.98745EPSS
Exploits6
OSV
OSV
added 2018/05/25 12:0 a.m.65 views

DLA-1383-1 xen - security update

Bulletin has no description...

8.8CVSS6.6AI score0.18262EPSS
Exploits9
OSV
OSV
added 2018/05/09 12:0 a.m.65 views

DLA-1373-1 php5 - security update

Bulletin has no description...

7.5CVSS6.4AI score0.08677EPSS
Exploits0
OSV
OSV
added 2018/03/04 8:29 p.m.65 views

UBUNTU-CVE-2018-7567

In the Admin Package Manager in Open Ticket Request System OTRS 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server...

7.2CVSS7.3AI score0.05385EPSS
Exploits3References3
OSV
OSV
added 2017/01/30 12:0 a.m.65 views

DLA-809-1 tcpdump - security update

Bulletin has no description...

9.8CVSS7.4AI score0.06196EPSS
Exploits0
OSV
OSV
added 2016/08/07 9:59 p.m.65 views

CVE-2016-6515

The authpassword function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service crypt CPU consumption via a long string...

7.5CVSS5.9AI score
Exploits0References15
OSV
OSV
added 2015/12/04 12:0 a.m.65 views

DLA-359-1 mysql-5.5 - packages as an option announcement

Bulletin has no description...

7.2CVSS6.9AI score0.30146EPSS
Exploits6
OSV
OSV
added 2012/02/28 12:0 a.m.65 views

DSA-2420-1 openjdk-6 - several

Bulletin has no description...

10CVSS8.8AI score0.98113EPSS
Exploits19
OSV
OSV
added 2011/01/11 12:0 a.m.65 views

DSA-2122-2 glibc - privilege escalation

Bulletin has no description...

7.2CVSS8.5AI score0.09454EPSS
Exploits35
OSV
OSV
added 2009/05/02 12:0 a.m.65 views

DSA-1787-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

10CVSS6.4AI score0.1673EPSS
Exploits30
OSV
OSV
added 2008/07/27 12:0 a.m.65 views

DSA-1621-1 icedove - several vulnerabilities

Bulletin has no description...

10CVSS9AI score0.13949EPSS
Exploits4
OSV
OSV
added 2026/06/07 12:0 p.m.64 views

RUSTSEC-2026-0173 proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/05/20 10:9 a.m.64 views

RHSA-2026:18683 Red Hat Security Advisory: libssh security update

Bulletin has no description...

6.5CVSS7.2AI score0.00582EPSS
Exploits0References55
OSV
OSV
added 2026/05/18 8:56 a.m.64 views

BIT-TOMCAT-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References53
OSV
OSV
added 2025/10/23 4:25 p.m.64 views

GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...

8.8CVSS7AI score0.00312EPSS
Exploits0References4
OSV
OSV
added 2024/10/18 5:39 a.m.64 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS6.7AI score0.00631EPSS
Exploits1References4
OSV
OSV
added 2024/09/30 4:32 p.m.64 views

RHSA-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7

Bulletin has no description...

9.8CVSS8.1AI score0.99615EPSS
Exploits42References147
OSV
OSV
added 2024/08/21 4:3 p.m.64 views

GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server

gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server...

6.1CVSS5.5AI score0.00502EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 2:30 p.m.64 views

GO-2022-0298 Command injection in gh-ost in github.com/github/gh-ost

Command injection in gh-ost in github.com/github/gh-ost...

6.8CVSS6.6AI score0.01003EPSS
Exploits0References3
OSV
OSV
added 2024/07/08 6:41 p.m.64 views

GHSA-7HMH-PFRP-VCX4 Directus GraphQL Field Duplication Denial of Service (DoS)

Summary A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

7.1CVSS6.4AI score0.00795EPSS
Exploits1References4
OSV
OSV
added 2024/07/01 12:37 p.m.64 views

CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1CVSS6.9AI score0.99506EPSS
Exploits68References87
OSV
OSV
added 2024/05/03 2:14 a.m.64 views

CVE-2023-50230 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

7.1CVSS7.5AI score0.01493EPSS
Exploits0References5
OSV
OSV
added 2024/05/01 5:5 p.m.64 views

GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing

Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...

10CVSS9.2AI score0.00833EPSS
Exploits1References10
OSV
OSV
added 2023/10/23 6:17 a.m.64 views

BIT-2023-43814

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7CVSS6.7AI score0.00314EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/06 5:0 a.m.64 views

RSEC-2023-8 Denial of Service (DoS) vulnerabilities

cmark-gfm, GitHub's extended version of the CommonMark library in C, suffers from multiple vulnerabilities affecting versions prior to 0.29.0.gfm.12. Various issues, including polynomial time complexity in multiple components like autolink extension, handleclosebracket, and parsing of certain tex...

7.5CVSS6AI score0.01108EPSS
Exploits8References8
OSV
OSV
added 2023/10/02 6:39 p.m.64 views

GO-2023-2077 Authentication bypass in github.com/sagernet/sing

Authentication bypass in github.com/sagernet/sing...

9.8CVSS9.5AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2023/09/12 12:0 a.m.64 views

ALSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References22
OSV
OSV
added 2023/08/22 12:0 p.m.64 views

RUSTSEC-2023-0053 rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.5CVSS7.7AI score0.06325EPSS
Exploits0References2
Total number of security vulnerabilities5000