Lucene search
K
OsvMost viewed

908476 matches found

OSV
OSV
added 2022/02/28 12:0 p.m.60 views

RUSTSEC-2022-0011 Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

7.3AI score
Exploits0References2
OSV
OSV
added 2022/02/12 12:0 a.m.60 views

DSA-5073-1 expat - security update

Bulletin has no description...

9.8CVSS8.1AI score0.04829EPSS
Exploits2
OSV
OSV
added 2022/02/07 9:57 p.m.60 views

GHSA-CH68-7CF4-35VR Limited ability to spoof SAML authentication with missing audience verification in Fleet

Impact This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reuse the SAML response to log into Fleet as a user -- only if the user has an account with the same email in Fleet, and the user signs into the malicious SP via SAML SSO...

5.3CVSS5.6AI score0.00889EPSS
Exploits0References4
OSV
OSV
added 2021/12/30 12:0 a.m.60 views

DLA-2871-1 lxml - security update

Bulletin has no description...

8.2CVSS7.7AI score0.02456EPSS
Exploits0
OSV
OSV
added 2021/11/01 12:0 a.m.60 views

ASB-A-195630721

In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACTACROSSPROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.8AI score0.00105EPSS
Exploits0References2
OSV
OSV
added 2021/09/29 5:11 p.m.60 views

GHSA-H73Q-5WMJ-Q8PJ Cross site scripting in datatables.net

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

6.1CVSS5.5AI score0.01837EPSS
Exploits1References9
OSV
OSV
added 2021/06/30 12:39 a.m.60 views

UVI-2021-1001091 mm/slub: actually fix freelist pointer vs redzoning

mm/slub: actually fix freelist pointer vs redzoning This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2020/12/17 12:0 a.m.60 views

DLA-2498-1 xerces-c - security update

Bulletin has no description...

8.1CVSS8.2AI score0.09503EPSS
Exploits0
OSV
OSV
added 2020/12/01 12:0 a.m.60 views

ASB-A-158854097

In smpkeydistribution of smpact.cc, there are possible vulnerabilities in Cross-Transport Key Derivation due to weaknesses in the Bluetooth standard. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9CVSS5.9AI score0.07137EPSS
Exploits1References2
OSV
OSV
added 2020/11/29 12:0 p.m.60 views

RUSTSEC-2020-0075 Unexpected panic when decoding tokens

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...

5.5CVSS5.4AI score0.00465EPSS
Exploits1References3
OSV
OSV
added 2020/11/03 12:29 p.m.60 views

RLSA-2020:4847 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...

8.6CVSS9.1AI score0.9927EPSS
Exploits65References41
OSV
OSV
added 2020/10/19 12:0 a.m.60 views

DSA-4774-1 linux - security update

Bulletin has no description...

8.8CVSS7.8AI score0.07693EPSS
Exploits8
OSV
OSV
added 2020/09/09 12:0 a.m.60 views

DLA-2369-1 libxml2 - security update

Bulletin has no description...

9.1CVSS6.6AI score0.07836EPSS
Exploits1
OSV
OSV
added 2020/09/01 12:0 a.m.60 views

ASB-A-150693748

In lockswakeupblocks of locks.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.7CVSS7.1AI score0.01337EPSS
Exploits0References3
OSV
OSV
added 2020/06/10 8:2 p.m.60 views

GHSA-6VWP-35W3-XPH8 Insecure Deserialization in Apache XML-RPC

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8CVSS9.5AI score0.49285EPSS
Exploits2References14
OSV
OSV
added 2020/05/15 12:0 a.m.60 views

DLA-2211-1 log4net - security update

Bulletin has no description...

9.8CVSS7.2AI score0.49839EPSS
Exploits0
OSV
OSV
added 2020/05/11 12:0 a.m.60 views

DLA-2209-1 tomcat8 - security update

Bulletin has no description...

9.8CVSS7.1AI score0.9927EPSS
Exploits59
OSV
OSV
added 2020/04/26 12:0 a.m.60 views

DLA-2188-1 php5 - security update

Bulletin has no description...

7.5CVSS6.4AI score0.04311EPSS
Exploits3
OSV
OSV
added 2020/04/15 9:8 p.m.60 views

GHSA-XFQH-7356-VQJJ Exposure of Sensitive Information to an Unauthorized Actor in Keycloak

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS4.4AI score0.00717EPSS
Exploits0References2
OSV
OSV
added 2020/02/18 12:0 a.m.60 views

DSA-4628-1 php7.0 - security update

Bulletin has no description...

9.1CVSS7.5AI score0.08888EPSS
Exploits5
OSV
OSV
added 2019/09/01 12:0 a.m.60 views

DSA-4511-1 nghttp2 - security update

Bulletin has no description...

7.8CVSS7.2AI score0.82017EPSS
Exploits0
OSV
OSV
added 2019/06/05 12:0 a.m.60 views

DSA-4456-1 exim4 - security update

Bulletin has no description...

10CVSS7.2AI score0.99961EPSS
Exploits27
OSV
OSV
added 2019/04/24 5:29 p.m.60 views

PYSEC-2019-225

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS2.5AI score0.0043EPSS
Exploits0References1
OSV
OSV
added 2019/04/09 12:0 a.m.60 views

DLA-1754-1 samba - security update

Bulletin has no description...

8.8CVSS6.1AI score0.10308EPSS
Exploits2
OSV
OSV
added 2019/03/20 12:0 a.m.60 views

DSA-4410-1 openjdk-8 - security update

Bulletin has no description...

3.1CVSS6AI score0.03374EPSS
Exploits0
OSV
OSV
added 2019/02/28 12:0 a.m.60 views

DSA-4398-1 php7.0 - security update

Bulletin has no description...

9.8CVSS7.9AI score0.10059EPSS
Exploits5
OSV
OSV
added 2019/02/04 12:0 a.m.60 views

DSA-4384-1 libgd2 - security update

Bulletin has no description...

9.8CVSS7.9AI score0.65116EPSS
Exploits7
OSV
OSV
added 2018/11/30 12:0 a.m.60 views

DSA-4348-1 openssl - security update

Bulletin has no description...

7.5CVSS6.8AI score0.49268EPSS
Exploits4
OSV
OSV
added 2018/10/01 12:0 a.m.60 views

DSA-4308-1 linux - security update

Bulletin has no description...

8.4CVSS6.9AI score0.08743EPSS
Exploits8
OSV
OSV
added 2018/06/27 12:0 a.m.60 views

DLA-1400-1 tomcat7 - security update

Bulletin has no description...

9.8CVSS6.8AI score0.708EPSS
Exploits6
OSV
OSV
added 2018/06/26 12:0 a.m.60 views

DLA-1397-1 php5 - security update

Bulletin has no description...

9.8CVSS7AI score0.87883EPSS
Exploits3
OSV
OSV
added 2018/03/29 12:0 a.m.60 views

DLA-1326-1 php5 - security update

Bulletin has no description...

9.8CVSS7.5AI score0.87883EPSS
Exploits3
OSV
OSV
added 2017/10/24 6:33 p.m.60 views

GHSA-6MQ2-37J5-W6R6 WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

7.5CVSS9.1AI score0.15684EPSS
Exploits2References13
OSV
OSV
added 2017/10/16 12:0 a.m.60 views

DSA-3999-1 wpa - security update

Bulletin has no description...

8.1CVSS7.1AI score0.04575EPSS
Exploits1
OSV
OSV
added 2017/02/07 12:0 a.m.60 views

DLA-818-1 php5 - security update

Bulletin has no description...

10CVSS8.1AI score0.35438EPSS
Exploits4
OSV
OSV
added 2016/06/21 12:0 a.m.60 views

DLA-522-1 python2.7 - security update

Bulletin has no description...

10CVSS8.1AI score0.2548EPSS
Exploits7
OSV
OSV
added 2016/05/03 12:0 a.m.60 views

DSA-3566-1 openssl - security update

Bulletin has no description...

10CVSS7.1AI score0.89058EPSS
Exploits7
OSV
OSV
added 2015/01/27 12:0 a.m.60 views

DSA-3142-1 eglibc - security update

Bulletin has no description...

10CVSS6.9AI score0.94859EPSS
Exploits31
OSV
OSV
added 2014/12/31 12:0 a.m.60 views

DSA-3117-1 php5 - security update

Bulletin has no description...

7.5CVSS7.5AI score0.53166EPSS
Exploits9
OSV
OSV
added 2013/09/27 12:0 a.m.60 views

DSA-2766-1 linux-2.6 - several

Bulletin has no description...

6.9CVSS7AI score0.04707EPSS
Exploits7
OSV
OSV
added 2026/06/07 12:0 p.m.59 views

RUSTSEC-2026-0173 proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0References3
OSV
OSV
added 2026/06/03 6:56 p.m.59 views

ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root

Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...

6.6CVSS5.2AI score0.00236EPSS
Exploits1
OSV
OSV
added 2025/06/19 6:15 p.m.59 views

PYSEC-2025-186

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

4.8CVSS4.6AI score0.00184EPSS
Exploits1References6
OSV
OSV
added 2025/02/26 7:1 a.m.59 views

DEBIAN-CVE-2022-49542

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfglogverbose check before calling lpfcdmpdbg In an attempt to log message 0126 with LOGTRACEEVENT, the following hard lockup call trace hangs the system. Call Trace: rawspinlockirqsave+0x32/0x40...

5.5CVSS5.6AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2024/12/19 1:22 a.m.59 views

CGA-G8R9-VV23-F4JF

Bulletin has no description...

5.9CVSS5.5AI score0.00605EPSS
Exploits0
OSV
OSV
added 2024/09/16 5:20 p.m.59 views

RHSA-2024:1141 Red Hat Security Advisory: mysql security update

Bulletin has no description...

7.5CVSS5.9AI score0.01782EPSS
Exploits0References355
OSV
OSV
added 2024/09/15 11:46 p.m.59 views

RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update

Bulletin has no description...

7.8CVSS6.4AI score0.04945EPSS
Exploits11References120
OSV
OSV
added 2024/07/18 10:15 a.m.59 views

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

7.5CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2024/06/06 12:25 p.m.59 views

CGA-C49Q-4CQQ-XWX4

Bulletin has no description...

5.9CVSS6.6AI score0.01001EPSS
Exploits0
OSV
OSV
added 2024/03/06 11:18 a.m.59 views

BIT-GITLAB-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

9.8CVSS9.3AI score0.01068EPSS
Exploits0References3
Total number of security vulnerabilities5000