OSV: Most viewed

907431 matches found

OSV
added 2019/03/20 12:0 a.m., 58 views

DSA-4410-1 openjdk-8 - security update

Bulletin has no description...

CVSS 3.1, AI score 6, EPSS 0.03468
Exploits 0

OSV
added 2019/02/04 12:0 a.m., 58 views

DSA-4384-1 libgd2 - security update

Bulletin has no description...

CVSS 9.8, AI score 7.9, EPSS 0.65116
Exploits 7

OSV
added 2018/12/21 5:50 p.m., 58 views

GHSA-MQ8P-H798-XCRP Exposure of Sensitive Information in Hadoop

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...

CVSS 9.8, AI score 9.1, EPSS 0.03635
Exploits 1, References 3

OSV
added 2018/08/06 12:0 a.m., 58 views

DSA-4266-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 7.1, EPSS 0.7354
Exploits 2

OSV
added 2017/11/04 12:0 a.m., 58 views

DSA-4018-1 openssl - security update

Bulletin has no description...

CVSS 5.3, AI score 6.4, EPSS 0.17699
Exploits 0

OSV
added 2017/05/24 12:0 a.m., 58 views

DSA-3860-1 samba - security update

Bulletin has no description...

CVSS 10, AI score 10, EPSS 0.99448
Exploits 24

OSV
added 2017/03/16 3:59 p.m., 58 views

CVE-2016-10187

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript...

CVSS 5.5, AI score 5.4
Exploits 0, References 5

OSV
added 2017/03/08 12:0 a.m., 58 views

DSA-3804-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 7.1, EPSS 0.04666
Exploits 2

OSV
added 2017/01/10 12:0 a.m., 58 views

DLA-779-1 tomcat7 - security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.16038
Exploits 0

OSV
added 2016/10/19 12:0 a.m., 58 views

DSA-3696-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 7.6, EPSS 0.83524
Exploits 81

OSV
added 2016/05/23 12:0 a.m., 58 views

DLA-486-1 imagemagick - security update

Bulletin has no description...

CVSS 10, AI score 6.6, EPSS 0.97485
Exploits 13

OSV
added 2014/10/31 12:0 a.m., 58 views

DSA-3060-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 6.8, EPSS 0.08579
Exploits 4

OSV
added 2012/12/08 12:0 a.m., 58 views

DSA-2583-1 iceweasel - several

Bulletin has no description...

CVSS 9.3, AI score 8.9, EPSS 0.08439
Exploits 4

OSV
added 2008/10/16 12:0 a.m., 58 views

DSA-1655-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

CVSS 7.2, AI score 5.9, EPSS 0.00833
Exploits 9

OSV
added 2007/06/13 12:0 a.m., 58 views

DSA-1305-1 icedove - several vulnerabilities

Bulletin has no description...

CVSS 9.3, AI score 8.2, EPSS 0.04868
Exploits 1

OSV
added 2026/06/07 12:0 p.m., 57 views

RUSTSEC-2026-0173 proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error (see RUSTSEC-2024-0370). Both the original crate and this fork are now unmaintained...

AI score 5.5
Exploits 0, References 3

OSV
added 2026/05/11 6:6 p.m., 57 views

EEF-CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Summary: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value...

CVSS 2.1, AI score 6, EPSS 0.00145
Exploits 0, References 3

OSV
added 2025/07/17 8:9 a.m., 57 views

BIT-TOMCAT-2024-24549 Apache Tomcat: HTTP/2 header handling DoS

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

CVSS 7.5, AI score 6.9, EPSS 0.23072
Exploits 1, References 7

OSV
added 2024/10/02 11:39 a.m., 57 views

RHSA-2024:0777 Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

Bulletin has no description...

CVSS 9.8, AI score 8.1, EPSS 0.99999
Exploits 61, References 121

OSV
added 2024/10/02 5:7 a.m., 57 views

RHSA-2024:5102 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

CVSS 7.8, AI score 8, EPSS 0.08555
Exploits 3, References 756

OSV
added 2024/08/21 2:30 p.m., 57 views

GO-2023-2085 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd...

CVSS 5, AI score 4.7, EPSS 0.005
Exploits 0, References 4

OSV
added 2024/07/01 7:15 p.m., 57 views

CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 7.5, AI score 6.5
Exploits 0, References 4

OSV
added 2024/06/25 1:49 p.m., 57 views

MAL-2024-6694 Malicious code in assembla-cli (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0, References 1

OSV
added 2024/06/25 1:34 p.m., 57 views

MAL-2024-5024 Malicious code in cxcxcx (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

OSV
added 2024/06/15 12:0 a.m., 57 views

OPENSUSE-SU-2024:12948-1 ungoogled-chromium-113.0.5672.92-1.1 on GA media

These are all security issues fixed in the ungoogled-chromium-113.0.5672.92-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 10, AI score 9, EPSS 0.99595
Exploits 534, References 2310

OSV
added 2023/12/07 1:15 a.m., 57 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

CVSS 6.5, AI score 6.1, EPSS 0.01685
Exploits 1, References 7

OSV
added 2023/11/14 12:0 a.m., 57 views

ALSA-2023:7139 Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

CVSS 7.5, AI score 7.1, EPSS 0.62606
Exploits 0, References 10

OSV
added 2023/11/07 12:0 a.m., 57 views

ALSA-2023:6659 Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

CVSS 9.8, AI score 9.1, EPSS 0.27095
Exploits 3, References 4

OSV
added 2023/10/29 12:0 a.m., 57 views

DLA-3638-1 h2o - security update

Bulletin has no description...

CVSS 7.5, AI score 8.2, EPSS 0.99999
Exploits 19

OSV
added 2023/10/22 4:15 a.m., 57 views

CVE-2023-46301

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...

CVSS 9.8, AI score 7.6
Exploits 0, References 4

OSV
added 2023/10/16 12:0 a.m., 57 views

ALSA-2023:5749 Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

CVSS 7.5, AI score 8.1, EPSS 0.99999
Exploits 19, References 4

OSV
added 2023/10/11 8:35 p.m., 57 views

GHSA-4374-P667-P6C8 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 7.3, EPSS 0.03796
Exploits 0, References 46

OSV
added 2023/06/01 2:15 a.m., 57 views

PYSEC-2023-83

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...

CVSS 7.5, AI score 7.4, EPSS 0.02032
Exploits 1, References 3

OSV
added 2023/05/03 9:57 p.m., 57 views

GHSA-R97Q-GHCH-82J9 Ghost vulnerable to information disclosure of private API fields

Impact Due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. GhostPro has already been patched. We can find no evidence that the issue was exploited on GhostPro prior to the patch being added. Self-hosters are...

CVSS 7.5, AI score 7.4, EPSS 0.45713
Exploits 0, References 5

OSV
added 2023/02/23 12:0 a.m., 57 views

DSA-5358-1 asterisk - security update

Bulletin has no description...

CVSS 9.8, AI score 7.3, EPSS 0.01809
Exploits 0

OSV
added 2023/02/08 9:30 p.m., 57 views

GHSA-J2H2-G882-X9J2 Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVSS 9.8, AI score 9.6, EPSS 0.01232
Exploits 1, References 3

OSV
added 2023/01/31 12:0 a.m., 57 views

DLA-3295-1 node-moment - security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.05664
Exploits 1

OSV
added 2022/12/09 12:0 a.m., 57 views

DSA-5298-1 cacti - security update

Bulletin has no description...

CVSS 9.8, AI score 9.8, EPSS 0.99826
Exploits 48

OSV
added 2022/12/05 10:15 p.m., 57 views

CVE-2022-32221

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

CVSS 9.8, AI score 8.7, EPSS 0.04325
Exploits 1, References 11

OSV
added 2022/09/30 12:40 a.m., 57 views

GHSA-6263-X97C-C4GG matrix-js-sdk subject to impersonated messages due to permissive key forwarding

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too...

CVSS 7.5, AI score 8, EPSS 0.00946
Exploits 0, References 8

OSV
added 2022/09/28 12:0 a.m., 57 views

DSA-5242-1 maven-shared-utils - security update

Bulletin has no description...

CVSS 9.8, AI score 9.6, EPSS 0.04031
Exploits 0

OSV
added 2022/09/26 5:15 a.m., 57 views

PYSEC-2022-288

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel class due to the eval statement...

CVSS 9.8, AI score 4.7, EPSS 0.01893
Exploits 1, References 5

OSV
added 2022/09/26 12:0 a.m., 57 views

DLA-3120-1 poppler - security update

Bulletin has no description...

CVSS 7.8, AI score 7, EPSS 0.02682
Exploits 7

OSV
added 2022/09/07 1:0 a.m., 57 views

MAL-2022-6974 Malicious code in vscode-clangd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3e05ac1fabef54ef34176e9d555cb6e63b3dfbc2241cf304ab6a1b8b3cd2cc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSV
added 2022/08/29 12:0 a.m., 57 views

DLA-3085-1 curl - security update

Bulletin has no description...

CVSS 8.1, AI score 6.6, EPSS 0.3197
Exploits 10

OSV
added 2022/08/15 12:0 a.m., 57 views

DSA-5207-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 7.5, EPSS 0.12746
Exploits 13

OSV
added 2022/08/06 12:0 a.m., 57 views

DSA-5199-1 xorg-server - security update

Bulletin has no description...

CVSS 7.8, AI score 7.9, EPSS 0.00573
Exploits 0

OSV
added 2022/06/20 7:27 a.m., 57 views

MAL-2022-2913 Malicious code in example-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67077359006aa50f08c2757c83cc757f06c0b0817b3beb029ce4f6e823236c03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSV
added 2022/05/14 2:19 a.m., 57 views

GHSA-R58R-74GX-6WX3 Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 8.5, EPSS 0.02963
Exploits 1, References 12

OSV
added 2022/04/11 9:18 p.m., 57 views

GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity

Summary Nokogiri = 1.13.4. Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.1. References CWE-1333 Inefficient Regular Expression Complexity Credit This vulnerability was reported by HackerOne user oooooooq ななおく...

CVSS 7.5, AI score 7.4, EPSS 0.03549
Exploits 0, References 15

Total number of security vulnerabilities: 5000