Lucene search
K
OsvMost viewed

907404 matches found

OSV
OSV
added 2024/09/16 11:4 a.m.58 views

RHSA-2023:7077 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

7.8CVSS8AI score0.03882EPSS
Exploits8References1605
OSV
OSV
added 2024/08/20 8:31 p.m.58 views

GO-2023-1940 1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel

1Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel...

8.8CVSS7.9AI score0.05354EPSS
Exploits1References4
OSV
OSV
added 2024/07/22 6:24 p.m.58 views

GO-2024-2989 projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei

projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...

7.4CVSS7.5AI score0.00311EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 2:1 p.m.58 views

SUSE-SU-2024:2360-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47103: net: sock: preserve kabi for sock bsc1221010. - CVE-2021-47191: Fix out-of-bound read in respreadcap16 bsc1222866. - CVE-2021-47267: usb: fix...

9.1CVSS8.5AI score0.67994EPSS
Exploits9References312
OSV
OSV
added 2024/06/14 1:59 p.m.58 views

RLSA-2024:3618 Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 kernel: Information disclosure in vhost/vhost.c:vhostnewmsg CVE-2024-0340 kernel: untrusted VMM can...

8.8CVSS7.3AI score0.00969EPSS
Exploits0References58
OSV
OSV
added 2024/06/09 8:15 p.m.58 views

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS7AI score0.99987EPSS
Exploits64References23
OSV
OSV
added 2024/06/05 3:10 p.m.58 views

GO-2024-2875 Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki

Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki...

7.1CVSS6.6AI score0.00395EPSS
Exploits0References3
OSV
OSV
added 2024/05/15 5:10 p.m.58 views

GHSA-X3WM-HFFR-CHWM Amazon JDBC Driver for Redshift SQL Injection via line comment generation

Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that...

10CVSS9.7AI score0.00778EPSS
Exploits0References8
OSV
OSV
added 2024/04/30 12:0 a.m.58 views

ALSA-2024:2551 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References14
OSV
OSV
added 2024/04/16 7:20 p.m.58 views

CVE-2024-31446 OpenComputers Denial of Service using xpcall

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...

7.7CVSS7.2AI score0.00604EPSS
Exploits0References4
OSV
OSV
added 2024/04/08 12:0 a.m.58 views

ALSA-2024:1687 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

9.8CVSS7.5AI score0.03168EPSS
Exploits0References16
OSV
OSV
added 2024/02/26 6:30 p.m.58 views

GHSA-V8VJ-CV27-HJV8 LangChain Experimental vulnerable to arbitrary code execution

langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...

9.8CVSS8.9AI score0.00766EPSS
Exploits0References3
OSV
OSV
added 2023/10/18 4:15 a.m.58 views

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...

9.8CVSS9AI score0.78483EPSS
Exploits6References16
OSV
OSV
added 2023/10/18 12:0 a.m.58 views

ALSA-2023:5863 Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

7.5CVSS8.2AI score0.99999EPSS
Exploits19References6
OSV
OSV
added 2023/10/06 5:0 a.m.58 views

RSEC-2023-6 Denial of Service (DoS) vulnerability

The commonmark package, specifically in its dependency on GitHub Flavored Markdown before version 0.29.0.gfm.1, has a vulnerability related to time complexity. Parsing certain crafted markdown tables can take On n time, leading to potential Denial of Service attacks. This issue does not affect th...

6.5CVSS6.2AI score0.01566EPSS
Exploits0References3
OSV
OSV
added 2023/08/07 8:55 p.m.59 views

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. In the...

6.8CVSS8.8AI score0.02437EPSS
Exploits1References6
OSV
OSV
added 2023/08/01 12:0 a.m.58 views

ALSA-2023:4419 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS8.9AI score0.76768EPSS
Exploits10References4
OSV
OSV
added 2023/06/23 12:0 a.m.58 views

DLA-3469-1 lua5.3 - security update

Bulletin has no description...

7.5CVSS6.6AI score0.17224EPSS
Exploits6
OSV
OSV
added 2023/05/16 12:0 a.m.58 views

ALSA-2023:2758 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

7.5CVSS8.7AI score0.05623EPSS
Exploits5References30
OSV
OSV
added 2023/03/13 12:0 a.m.58 views

DSA-5372-1 rails - security update

Bulletin has no description...

9.8CVSS6.9AI score0.04182EPSS
Exploits2
OSV
OSV
added 2023/01/23 12:0 a.m.58 views

ALSA-2023:0318 Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql: SQL Injection in ResultSet.refreshRow with malicious column names CVE-2022-31197 For mo...

8CVSS7.8AI score0.01662EPSS
Exploits1References4
OSV
OSV
added 2022/12/20 11:15 p.m.58 views

CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...

9.8CVSS5AI score
Exploits0References6
OSV
OSV
added 2022/12/12 12:0 a.m.58 views

DLA-3236-1 openexr - security update

Bulletin has no description...

7.5CVSS6.2AI score0.01848EPSS
Exploits5
OSV
OSV
added 2022/11/06 12:0 a.m.58 views

DSA-5272-1 xen - security update

Bulletin has no description...

8.8CVSS6.3AI score0.00289EPSS
Exploits0
OSV
OSV
added 2022/09/09 7:15 p.m.58 views

PYSEC-2022-270

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS2AI score0.00924EPSS
Exploits0References2
OSV
OSV
added 2022/08/11 12:0 a.m.58 views

DSA-5205-1 samba - security update

Bulletin has no description...

8.8CVSS6.7AI score0.01064EPSS
Exploits0
OSV
OSV
added 2022/07/22 12:0 a.m.58 views

DSA-5188-1 openjdk-11 - security update

Bulletin has no description...

7.5CVSS6.9AI score0.17673EPSS
Exploits2
OSV
OSV
added 2022/06/30 12:0 a.m.58 views

CVE-2022-2056

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

5.5CVSS4.9AI score0.01206EPSS
Exploits1References10
OSV
OSV
added 2022/04/24 9:53 p.m.58 views

GSD-2022-1001906 ext4: make mb_optimize_scan performance mount option work with extents

ext4: make mboptimizescan performance mount option work with extents This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/04/06 5:15 p.m.58 views

CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

7.5CVSS7.4AI score0.01594EPSS
Exploits0References7
OSV
OSV
added 2022/02/15 1:57 a.m.58 views

GHSA-XGXP-9X8P-GCW4 SQL Injection

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS7.3AI score0.4644EPSS
Exploits0References6
OSV
OSV
added 2022/02/01 12:0 a.m.58 views

DLA-2907-1 apache2 - security update

Bulletin has no description...

9.8CVSS8.9AI score0.97108EPSS
Exploits4
OSV
OSV
added 2021/12/17 7:15 p.m.58 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

5.3CVSS5.3AI score0.01561EPSS
Exploits1References2
OSV
OSV
added 2021/10/08 12:0 a.m.58 views

DSA-4982-1 apache2 - security update

Bulletin has no description...

9.8CVSS8.4AI score0.99999EPSS
Exploits5
OSV
OSV
added 2021/09/08 8:14 p.m.58 views

GHSA-CCW8-7688-VQX4 HashiCorp Consul Privilege Escalation Vulnerability

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...

8.8CVSS8.4AI score0.0123EPSS
Exploits0References9
OSV
OSV
added 2021/05/27 8:15 p.m.58 views

CVE-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrepsstmethod allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...

9CVSS8.3AI score0.05539EPSS
Exploits0References5
OSV
OSV
added 2021/04/15 9:15 p.m.58 views

CVE-2021-29447

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

6.5CVSS6.5AI score
Exploits0References7
OSV
OSV
added 2021/03/29 8:23 p.m.58 views

GHSA-4QWP-7C67-JMCC Unauthenticated remote code execution in Ignition

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2...

9.8CVSS9.9AI score0.99943EPSS
Exploits36References9
OSV
OSV
added 2021/01/01 12:0 a.m.58 views

DSA-4824-1 chromium - security update

Bulletin has no description...

9.6CVSS8.6AI score0.99595EPSS
Exploits52
OSV
OSV
added 2020/12/31 9:15 a.m.58 views

CVE-2020-35913

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness...

4.7CVSS7.1AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 9:15 a.m.58 views

CVE-2020-35912

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness...

4.7CVSS7.1AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2020/11/03 12:33 p.m.58 views

RLSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: modhttp2 1.15.7. BZ1814236 Security Fixes: httpd: memory corruption on early pushes CVE-2019-10081 httpd: read-after-free in ...

6.6CVSS7.3AI score0.81466EPSS
Exploits6References15
OSV
OSV
added 2020/10/19 12:0 a.m.58 views

DSA-4774-1 linux - security update

Bulletin has no description...

8.8CVSS7.8AI score0.07693EPSS
Exploits8
OSV
OSV
added 2020/09/01 12:0 a.m.58 views

ASB-A-150693748

In lockswakeupblocks of locks.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.7CVSS7.1AI score0.01337EPSS
Exploits0References3
OSV
OSV
added 2020/07/01 12:0 a.m.58 views

ASB-A-135368228

In i915gemexecbuffer2ioctl of i915gemexecbuffer.c, there is a possible arbitrary kernel memory write due to a missing validation of a userspace pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00572EPSS
Exploits1References2
OSV
OSV
added 2019/08/13 12:0 a.m.58 views

DLA-1883-1 tomcat8 - security update

Bulletin has no description...

9.8CVSS7AI score0.50896EPSS
Exploits3
OSV
OSV
added 2019/08/12 12:0 a.m.58 views

DLA-1878-1 php5 - security update

Bulletin has no description...

7.1CVSS7.4AI score0.0442EPSS
Exploits2
OSV
OSV
added 2019/06/03 7:29 p.m.58 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS3.2AI score0.01421EPSS
Exploits0References4
OSV
OSV
added 2019/03/20 12:0 a.m.58 views

DSA-4410-1 openjdk-8 - security update

Bulletin has no description...

3.1CVSS6AI score0.03468EPSS
Exploits0
OSV
OSV
added 2019/02/04 12:0 a.m.58 views

DSA-4384-1 libgd2 - security update

Bulletin has no description...

9.8CVSS7.9AI score0.65116EPSS
Exploits7
Total number of security vulnerabilities5000