OSV search results (sorted by most viewed): 907369 matches found

OSV · added 2022/07/12 12:00 p.m. · 59 views

RUSTSEC-2022-0084 libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause a victim p2p node to run out of memory. The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector. Users should upgrade or reference the DoS mitigation...

CVSS 7.5 · AI score 7.3 · EPSS 0.00689
Exploits: 0 · References: 3
OSV · added 2022/06/26 12:00 a.m. · 59 views

DSA-5169-1 openssl - security update

Bulletin has no description...

CVSS 10 · AI score 9.1 · EPSS 0.95764
Exploits: 1
OSV · added 2022/06/10 12:15 p.m. · 59 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8 · AI score 3.1 · EPSS 0.00763
Exploits: 0 · References: 3
OSV · added 2022/05/24 5:33 p.m. · 59 views

GHSA-7PXG-6P87-8C9V Magento 2 Community Edition RCE via Unsafe File Upload

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

CVSS 9.1 · AI score 9 · EPSS 0.0552
Exploits: 1 · References: 3
OSV · added 2022/05/14 3:05 a.m. · 59 views

GHSA-8864-PWHG-3MP2 Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin

An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...

CVSS 6.5 · AI score 6.4 · EPSS 0.00852
Exploits: 0 · References: 2
OSV · added 2022/05/09 6:15 p.m. · 59 views

CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f...

CVSS 7.5 · AI score 3.7 · EPSS 0.04127
Exploits: 0 · References: 15
OSV · added 2022/05/05 12:00 a.m. · 59 views

DSA-5131-1 openjdk-11 - security update

Bulletin has no description...

CVSS 7.5 · AI score 6.6 · EPSS 0.03825
Exploits: 0
OSV · added 2022/03/18 11:10 p.m. · 59 views

GHSA-X4JG-MJRX-434G Improper Verification of Cryptographic Signature in node-forge

Impact: RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches: The issue has been...

CVSS 7.5 · AI score 7.5 · EPSS 0.01015
Exploits: 0 · References: 5
OSV · added 2022/02/15 1:57 a.m. · 59 views

GHSA-H5RH-W6VM-9GHC Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Specific Go Packages Affected: github.com/grafana/grafana/pkg/middleware...

CVSS 8.2 · AI score 6.6 · EPSS 0.83042
Exploits: 0 · References: 6
OSV · added 2022/02/15 1:57 a.m. · 59 views

GHSA-WF43-55JJ-VWQ8 DNS Rebinding in etcd

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

CVSS 5.5 · AI score 6.5 · EPSS 0.00512
Exploits: 1 · References: 6
OSV · added 2022/02/12 12:00 a.m. · 59 views

DSA-5073-1 expat - security update

Bulletin has no description...

CVSS 9.8 · AI score 8.1 · EPSS 0.04829
Exploits: 2
OSV · added 2022/01/28 10:00 p.m. · 59 views

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 5.9 · AI score 7.6 · EPSS 0.02153
Exploits: 0 · References: 5
OSV · added 2021/12/30 12:00 a.m. · 59 views

DLA-2871-1 lxml - security update

Bulletin has no description...

CVSS 8.2 · AI score 7.7 · EPSS 0.02456
Exploits: 0
OSV · added 2021/09/22 8:39 p.m. · 59 views

GHSA-QH7X-J4V8-QW5W Clipboard-based XSS

Impact: XSS against the user. Details: jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying anything from a malicious and pasting it into the HTML editor. This is because a part of the clipboard content is directly written to innerHTML, causing XSS. References: The Curious...

CVSS 8.7 · AI score 6.6 · EPSS 0.01027
Exploits: 0 · References: 6
OSV · added 2021/07/29 6:15 p.m. · 59 views

PYSEC-2021-115

The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

CVSS 9.8 · AI score 5.7 · EPSS 0.01639
Exploits: 1 · References: 6
OSV · added 2021/07/28 6:08 p.m. · 59 views

GO-2021-0100 Denial of service via deadlock in github.com/containers/storage

Due to a goroutine deadlock, using github.com/containers/storage/pkg/archive.DecompressStream on an xz archive returns a reader which will hang indefinitely when Close is called. An attacker can use this to cause denial of service if they are able to cause the caller to attempt to decompress an...

CVSS 7.1 · AI score 6.5 · EPSS 0.01587
Exploits: 1 · References: 3
OSV · added 2021/05/27 6:43 p.m. · 59 views

GHSA-3P3G-VPW6-4W66 Authentication Bypass in hydra

Impact: When using client authentication method "private_key_jwt" [1], the OpenID specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

CVSS 5.8 · AI score 5.6 · EPSS 0.01028
Exploits: 0 · References: 6
OSV · added 2021/05/18 6:32 p.m. · 59 views

GHSA-FX8W-MJVM-HVPC Path Traversal in Buildah

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions. Specific Go Packages Affected...

CVSS 8.8 · AI score 8.5 · EPSS 0.02603
Exploits: 1 · References: 7
OSV · added 2021/04/22 4:10 p.m. · 59 views

GHSA-M496-X567-F98C Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact: CVE-2021-3007: Backport of Zend\Http\Response\Stream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

CVSS 9.8 · AI score 9.4 · EPSS 0.01203
Exploits: 0 · References: 2
OSV · added 2020/12/17 12:00 a.m. · 59 views

DLA-2498-1 xerces-c - security update

Bulletin has no description...

CVSS 8.1 · AI score 8.2 · EPSS 0.09503
Exploits: 0
OSV · added 2020/11/03 12:29 p.m. · 59 views

RLSA-2020:4847 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251); bootstrap: XSS in the data-target attribute (CVE-2016-10735); bootstrap:...

CVSS 8.6 · AI score 9.1 · EPSS 0.9927
Exploits: 65 · References: 41
OSV · added 2020/09/09 12:00 a.m. · 59 views

DLA-2369-1 libxml2 - security update

Bulletin has no description...

CVSS 9.1 · AI score 6.6 · EPSS 0.07836
Exploits: 1
OSV · added 2020/09/04 8:15 p.m. · 59 views

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...

CVSS 7.5 · AI score 3.7 · EPSS 0.03028
Exploits: 1 · References: 7
OSV · added 2020/05/15 12:00 a.m. · 59 views

DLA-2211-1 log4net - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.2 · EPSS 0.49839
Exploits: 0
OSV · added 2020/05/11 12:00 a.m. · 59 views

DLA-2209-1 tomcat8 - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.1 · EPSS 0.9927
Exploits: 59
OSV · added 2020/04/26 12:00 a.m. · 59 views

DLA-2188-1 php5 - security update

Bulletin has no description...

CVSS 7.5 · AI score 6.4 · EPSS 0.04311
Exploits: 3
OSV · added 2020/02/28 12:00 a.m. · 59 views

DLA-2124-1 php5 - security update

Bulletin has no description...

CVSS 9.1 · AI score 8.5 · EPSS 0.08888
Exploits: 2
OSV · added 2020/02/18 12:00 a.m. · 59 views

DSA-4628-1 php7.0 - security update

Bulletin has no description...

CVSS 9.1 · AI score 7.5 · EPSS 0.08888
Exploits: 5
OSV · added 2019/11/06 1:15 p.m. · 59 views

RLSA-2019:3736 Critical: php:7.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in env_path_info in fpm_main.c (CVE-2019-11043). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

CVSS 8.1 · AI score 9.6 · EPSS 0.9947
Exploits: 54 · References: 2
OSV · added 2019/09/01 12:00 a.m. · 59 views

DSA-4511-1 nghttp2 - security update

Bulletin has no description...

CVSS 7.8 · AI score 7.2 · EPSS 0.82017
Exploits: 0
OSV · added 2019/02/28 12:00 a.m. · 59 views

DSA-4398-1 php7.0 - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.9 · EPSS 0.10059
Exploits: 5
OSV · added 2018/10/19 4:16 p.m. · 59 views

GHSA-84Q7-P226-4X5W Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)

Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning...

CVSS 7.5 · AI score 7 · EPSS 0.06411
Exploits: 0 · References: 13
OSV · added 2018/06/27 12:00 a.m. · 59 views

DLA-1400-1 tomcat7 - security update

Bulletin has no description...

CVSS 9.8 · AI score 6.8 · EPSS 0.708
Exploits: 6
OSV · added 2018/06/26 12:00 a.m. · 59 views

DLA-1397-1 php5 - security update

Bulletin has no description...

CVSS 9.8 · AI score 7 · EPSS 0.87883
Exploits: 3
OSV · added 2018/03/29 12:00 a.m. · 59 views

DLA-1326-1 php5 - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.5 · EPSS 0.87883
Exploits: 3
OSV · added 2017/07/12 12:00 a.m. · 59 views

DSA-3908-1 nginx - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.62597
Exploits: 6
OSV · added 2017/02/07 12:00 a.m. · 59 views

DLA-818-1 php5 - security update

Bulletin has no description...

CVSS 10 · AI score 8.1 · EPSS 0.35438
Exploits: 4
OSV · added 2017/01/04 8:59 p.m. · 59 views

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

CVSS 9.8 · AI score 7.9
Exploits: 0 · References: 7
OSV · added 2016/06/21 12:00 a.m. · 59 views

DLA-522-1 python2.7 - security update

Bulletin has no description...

CVSS 10 · AI score 8.1 · EPSS 0.2548
Exploits: 7
OSV · added 2016/05/03 12:00 a.m. · 59 views

DSA-3566-1 openssl - security update

Bulletin has no description...

CVSS 10 · AI score 7.1 · EPSS 0.89058
Exploits: 7
OSV · added 2010/03/11 12:00 a.m. · 59 views

DSA-2012-1 linux-2.6 - several issues

Bulletin has no description...

CVSS 7.2 · AI score 5.9 · EPSS 0.00611
Exploits: 2
OSV · added 2008/03/28 12:00 a.m. · 59 views

DSA-1534-1 iceape

Bulletin has no description...

CVSS 9.3 · AI score 9.8 · EPSS 0.06055
Exploits: 3
OSV · added 2008/03/27 12:00 a.m. · 59 views

DSA-1532-1 xulrunner

Bulletin has no description...

CVSS 9.3 · AI score 9.8 · EPSS 0.06055
Exploits: 2
OSV · added 2003/10/11 12:00 a.m. · 59 views

DSA-394 openssl095 - ASN.1 parsing vulnerability

Bulletin has no description...

CVSS 10 · AI score 8.4 · EPSS 0.85449
Exploits: 0
OSV · added 2026/01/29 12:44 a.m. · 58 views

CGA-8795-658Q-CCP9

Bulletin has no description...

CVSS 9.9 · AI score 5.8 · EPSS 0.00671
Exploits: 0
OSV · added 2025/12/03 2:35 p.m. · 58 views

BIT-ACTIVEMQ-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

CVSS 10 · AI score 8.1 · EPSS 0.99654
Exploits: 31 · References: 9
OSV · added 2025/10/07 12:31 a.m. · 58 views

GHSA-PFXJ-GVQG-MJ44 Liferay Profile Widget does not prevent vCard extension spoofing

The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

CVSS 4.8 · AI score 6.4 · EPSS 0.00217
Exploits: 0 · References: 3
OSV · added 2024/10/02 11:24 a.m. · 58 views

RHSA-2023:5980 Red Hat Security Advisory: Satellite 6.11.5.6 async security update

Bulletin has no description...

CVSS 9.1 · AI score 8.5 · EPSS 0.99999
Exploits: 25 · References: 46
OSV · added 2024/09/16 5:20 p.m. · 58 views

RHSA-2024:1141 Red Hat Security Advisory: mysql security update

Bulletin has no description...

CVSS 7.5 · AI score 5.9 · EPSS 0.01782
Exploits: 0 · References: 355
OSV · added 2024/09/16 11:04 a.m. · 58 views

RHSA-2023:7077 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.8 · AI score 8 · EPSS 0.03882
Exploits: 8 · References: 1605

Total number of security vulnerabilities: 5000