Lucene search
K
OsvMost viewed

908720 matches found

OSV
OSV
•added 2017/02/07 12:0 a.m.•60 views

DLA-818-1 php5 - security update

Bulletin has no description...

10CVSS8.1AI score0.35438EPSS
Exploits4
OSV
OSV
•added 2016/06/21 12:0 a.m.•60 views

DLA-522-1 python2.7 - security update

Bulletin has no description...

10CVSS8.1AI score0.2548EPSS
Exploits7
OSV
OSV
•added 2016/05/03 12:0 a.m.•60 views

DSA-3566-1 openssl - security update

Bulletin has no description...

10CVSS7.1AI score0.89058EPSS
Exploits7
OSV
OSV
•added 2015/01/27 12:0 a.m.•60 views

DSA-3142-1 eglibc - security update

Bulletin has no description...

10CVSS6.9AI score0.94859EPSS
Exploits31
OSV
OSV
•added 2025/02/26 7:1 a.m.•59 views

DEBIAN-CVE-2022-49542

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfglogverbose check before calling lpfcdmpdbg In an attempt to log message 0126 with LOGTRACEEVENT, the following hard lockup call trace hangs the system. Call Trace: rawspinlockirqsave+0x32/0x40...

5.5CVSS5.6AI score0.00188EPSS
Exploits0References1
OSV
OSV
•added 2024/12/19 1:22 a.m.•59 views

CGA-G8R9-VV23-F4JF

Bulletin has no description...

5.9CVSS5.5AI score0.00605EPSS
Exploits0
OSV
OSV
•added 2024/11/02 4:56 p.m.•59 views

MGASA-2024-0344 Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.1CVSS6.9AI score0.01367EPSS
Exploits2References8
OSV
OSV
•added 2024/09/16 5:20 p.m.•59 views

RHSA-2024:1141 Red Hat Security Advisory: mysql security update

Bulletin has no description...

7.5CVSS5.9AI score0.01782EPSS
Exploits0References355
OSV
OSV
•added 2024/09/15 11:46 p.m.•59 views

RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update

Bulletin has no description...

7.8CVSS6.4AI score0.04945EPSS
Exploits11References120
OSV
OSV
•added 2024/07/18 10:15 a.m.•59 views

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

7.5CVSS6.5AI score
Exploits0References3
OSV
OSV
•added 2024/07/01 8:34 p.m.•59 views

GHSA-6JJ6-GM7P-FCVV Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls evaluates...

9.8CVSS8.8AI score0.99813EPSS
Exploits26References9
OSV
OSV
•added 2024/06/06 12:25 p.m.•59 views

CGA-C49Q-4CQQ-XWX4

Bulletin has no description...

5.9CVSS6.6AI score0.01001EPSS
Exploits0
OSV
OSV
•added 2024/03/06 11:18 a.m.•59 views

BIT-GITLAB-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

9.8CVSS9.3AI score0.01068EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 11:7 a.m.•59 views

BIT-TOMCAT-2023-46589 Apache Tomcat: HTTP request smuggling via malformed trailer headers

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.15, from 9.0.0 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to...

7.5CVSS6.6AI score0.02651EPSS
Exploits0References5
OSV
OSV
•added 2024/01/02 6:32 p.m.•59 views

GO-2023-2394 Spoofed source IP address in github.com/shift72/caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictions...

6.5CVSS6.3AI score0.00655EPSS
Exploits0References2
OSV
OSV
•added 2023/12/06 7:15 a.m.•59 views

CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

7.1CVSS6.4AI score0.00376EPSS
Exploits0References5
OSV
OSV
•added 2023/11/08 2:51 p.m.•59 views

GHSA-62PR-QQF7-HH89 XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest

Impact XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet by default, everyone including unauthenticated users to execute code including Groovy code. This...

10CVSS9.4AI score0.88534EPSS
Exploits1References6
OSV
OSV
•added 2023/10/25 9:17 p.m.•59 views

GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References5
OSV
OSV
•added 2023/10/18 4:15 a.m.•59 views

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...

9.8CVSS9AI score0.78483EPSS
Exploits6References16
OSV
OSV
•added 2023/10/10 2:15 p.m.•59 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References168
OSV
OSV
•added 2023/10/06 5:0 a.m.•59 views

RSEC-2023-7 Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities

cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabilities. Versions prior to 0.29.0.gfm.6 suffer from a polynomial time complexity issue in the autolink extension, causing denial of service. Also, versions before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in...

9.8CVSS8.3AI score0.04192EPSS
Exploits3References3
OSV
OSV
•added 2023/10/05 5:0 a.m.•59 views

RSEC-2023-5 Infinite loop, memory leak, and heap-based buffer over-read vulnerabilities

The haven R package is exposed to multiple vulnerabilities due to issues in its underlying ReadStat library. The specific flaws include an infinite loop condition, a memory leak associated with an iconvopen call, and a heap-based buffer over-read via an unterminated string. Exploitation of these...

7.8CVSS7.8AI score0.01163EPSS
Exploits3References5
OSV
OSV
•added 2023/09/28 5:15 a.m.•59 views

PYSEC-2023-179

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

8.1CVSS7.4AI score0.02919EPSS
Exploits1References4
OSV
OSV
•added 2023/09/05 12:0 a.m.•59 views

DLA-3555-1 php7.3 - security update

Bulletin has no description...

9.8CVSS8.6AI score0.08003EPSS
Exploits4
OSV
OSV
•added 2023/08/23 8:42 p.m.•59 views

GHSA-V86X-5FM3-5P7J Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

Impact An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. Patches Users can upgrade to Alertmanager v0.2.51. Workarounds Users can setup a reverse proxy in front of the...

5.4CVSS6.6AI score0.00568EPSS
Exploits0References4
OSV
OSV
•added 2023/08/11 3:15 a.m.•59 views

CVE-2022-41804

Unauthorized error injection in IntelR SGX or IntelR TDX for some IntelR XeonR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7.3AI score
Exploits0References6
OSV
OSV
•added 2023/08/01 12:0 a.m.•59 views

ALSA-2023:4419 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS8.9AI score0.76768EPSS
Exploits10References4
OSV
OSV
•added 2023/07/03 5:15 p.m.•59 views

PYSEC-2023-113

Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References2
OSV
OSV
•added 2023/06/08 12:15 a.m.•59 views

PYSEC-2023-90

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...

9.1CVSS10AI score0.00651EPSS
Exploits0References3
OSV
OSV
•added 2023/04/21 10:32 p.m.•59 views

GHSA-2CCF-FFRJ-M4QW CSRF token fixation in fastify-passport

The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...

6.5CVSS6.5AI score0.00384EPSS
Exploits0References6
OSV
OSV
•added 2023/03/13 12:0 a.m.•59 views

DSA-5372-1 rails - security update

Bulletin has no description...

9.8CVSS6.9AI score0.04182EPSS
Exploits2
OSV
OSV
•added 2022/12/22 8:40 p.m.•59 views

GO-2022-1118 Improper validation of UUIDs in github.com/codenotary/immudb

A malicious server can trick a client into treating it as a different server by changing the reported UUID. immudb client SDKs use the server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple server...

5.9CVSS5.5AI score0.00261EPSS
Exploits0References2
OSV
OSV
•added 2022/12/20 11:15 p.m.•59 views

CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...

9.8CVSS5AI score
Exploits0References6
OSV
OSV
•added 2022/12/14 9:30 p.m.•59 views

GHSA-7GPW-FRPH-FWRG TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)

An issue was discovered in the fpmasterquiz aka Master-Quiz extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers...

6.5CVSS6.4AI score0.00364EPSS
Exploits0References5
OSV
OSV
•added 2022/12/12 12:0 a.m.•59 views

DLA-3236-1 openexr - security update

Bulletin has no description...

7.5CVSS6.2AI score0.01848EPSS
Exploits5
OSV
OSV
•added 2022/11/23 12:0 a.m.•59 views

CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

4.7CVSS5.6AI score0.0048EPSS
Exploits1References8
OSV
OSV
•added 2022/11/06 12:0 a.m.•59 views

DSA-5272-1 xen - security update

Bulletin has no description...

8.8CVSS6.3AI score0.00289EPSS
Exploits0
OSV
OSV
•added 2022/09/09 7:15 p.m.•59 views

PYSEC-2022-270

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS2AI score0.00924EPSS
Exploits0References2
OSV
OSV
•added 2022/08/15 12:0 a.m.•59 views

DSA-5207-1 linux - security update

Bulletin has no description...

7.8CVSS7.5AI score0.12746EPSS
Exploits13
OSV
OSV
•added 2022/07/22 12:0 a.m.•59 views

DSA-5188-1 openjdk-11 - security update

Bulletin has no description...

7.5CVSS6.9AI score0.17673EPSS
Exploits2
OSV
OSV
•added 2022/06/10 12:15 p.m.•59 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS3.1AI score0.00763EPSS
Exploits0References3
OSV
OSV
•added 2022/05/24 5:33 p.m.•59 views

GHSA-7PXG-6P87-8C9V Magento 2 Community Edition RCE via Unsafe File Upload

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

9.1CVSS9AI score0.0552EPSS
Exploits1References3
OSV
OSV
•added 2022/04/28 11:35 p.m.•59 views

GO-2021-0412 Incorrect authorization in github.com/containerd/imgcrypt

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

7.5CVSS7.5AI score0.02676EPSS
Exploits1References3
OSV
OSV
•added 2022/03/18 11:10 p.m.•59 views

GHSA-X4JG-MJRX-434G Improper Verification of Cryptographic Signature in node-forge

Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...

7.5CVSS7.5AI score0.01015EPSS
Exploits0References5
OSV
OSV
•added 2022/03/07 12:0 a.m.•59 views

DSA-5092-1 linux - security update

Bulletin has no description...

9CVSS6.8AI score0.88106EPSS
Exploits106
OSV
OSV
•added 2022/03/01 12:0 a.m.•59 views

ASB-A-193149550

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00126EPSS
Exploits0References2
OSV
OSV
•added 2022/02/15 1:57 a.m.•59 views

GHSA-WF43-55JJ-VWQ8 DNS Rebinding in etcd

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

5.5CVSS6.5AI score0.00512EPSS
Exploits1References6
OSV
OSV
•added 2022/02/15 1:57 a.m.•59 views

GHSA-H5RH-W6VM-9GHC Denial of service in Grafana

The snapshot feature in Grafana before 7.4.2 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Specific Go Packages Affected github.com/grafana/grafana/pkg/middleware...

8.2CVSS6.6AI score0.83042EPSS
Exploits0References6
OSV
OSV
•added 2022/02/15 1:57 a.m.•59 views

GHSA-XGXP-9X8P-GCW4 SQL Injection

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS7.3AI score0.4644EPSS
Exploits0References6
OSV
OSV
•added 2022/02/01 12:0 a.m.•59 views

DLA-2907-1 apache2 - security update

Bulletin has no description...

9.8CVSS8.9AI score0.97108EPSS
Exploits4
Total number of security vulnerabilities5000