Lucene search
K
OsvMost viewed

907757 matches found

OSV
OSV
added 2020/07/01 12:0 a.m.58 views

ASB-A-135368228

In i915gemexecbuffer2ioctl of i915gemexecbuffer.c, there is a possible arbitrary kernel memory write due to a missing validation of a userspace pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00572EPSS
Exploits1References2
OSV
OSV
added 2020/02/24 10:15 p.m.58 views

CVE-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.9AI score0.9927EPSS
Exploits45References52
OSV
OSV
added 2019/08/12 12:0 a.m.58 views

DLA-1878-1 php5 - security update

Bulletin has no description...

7.1CVSS7.4AI score0.0442EPSS
Exploits2
OSV
OSV
added 2019/06/03 7:29 p.m.58 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS3.2AI score0.01421EPSS
Exploits0References4
OSV
OSV
added 2018/12/21 5:50 p.m.58 views

GHSA-MQ8P-H798-XCRP Exposure of Sensitive Information in Hadoop

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...

9.8CVSS9.1AI score0.03635EPSS
Exploits1References3
OSV
OSV
added 2017/03/16 3:59 p.m.58 views

CVE-2016-10187

The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript...

5.5CVSS5.4AI score
Exploits0References5
OSV
OSV
added 2016/10/19 12:0 a.m.58 views

DSA-3696-1 linux - security update

Bulletin has no description...

7.8CVSS7.6AI score0.83524EPSS
Exploits81
OSV
OSV
added 2016/05/23 12:0 a.m.58 views

DLA-486-1 imagemagick - security update

Bulletin has no description...

10CVSS6.6AI score0.97485EPSS
Exploits13
OSV
OSV
added 2008/10/16 12:0 a.m.58 views

DSA-1655-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

7.2CVSS5.9AI score0.00833EPSS
Exploits9
OSV
OSV
added 2026/04/04 10:1 a.m.57 views

RHSA-2023:6179 Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

Bulletin has no description...

9.8CVSS8.4AI score0.99999EPSS
Exploits61References49
OSV
OSV
added 2025/07/17 8:9 a.m.57 views

BIT-TOMCAT-2024-24549 Apache Tomcat: HTTP/2 header handling DoS

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS6.9AI score0.23072EPSS
Exploits1References7
OSV
OSV
added 2024/10/02 11:39 a.m.57 views

RHSA-2024:0777 Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

Bulletin has no description...

9.8CVSS8.1AI score0.99999EPSS
Exploits61References121
OSV
OSV
added 2024/10/02 5:7 a.m.57 views

RHSA-2024:5102 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.8CVSS8AI score0.08555EPSS
Exploits3References756
OSV
OSV
added 2024/08/21 2:30 p.m.57 views

GO-2023-2085 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd...

5CVSS4.7AI score0.005EPSS
Exploits0References4
OSV
OSV
added 2024/08/20 8:26 p.m.57 views

GO-2023-1577 Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd...

9.1CVSS8.9AI score0.00671EPSS
Exploits0References3
OSV
OSV
added 2024/07/01 8:34 p.m.57 views

GHSA-6JJ6-GM7P-FCVV Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls evaluates...

9.8CVSS8.8AI score0.99813EPSS
Exploits26References9
OSV
OSV
added 2024/06/25 1:49 p.m.57 views

MAL-2024-6694 Malicious code in assembla-cli (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.57 views

OPENSUSE-SU-2024:11169-1 php8-8.0.11-1.1 on GA media

These are all security issues fixed in the php8-8.0.11-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS9.1AI score0.99998EPSS
Exploits256References97
OSV
OSV
added 2024/06/15 12:0 a.m.57 views

OPENSUSE-SU-2024:12948-1 ungoogled-chromium-113.0.5672.92-1.1 on GA media

These are all security issues fixed in the ungoogled-chromium-113.0.5672.92-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS9AI score0.99595EPSS
Exploits534References2310
OSV
OSV
added 2024/03/06 11:23 a.m.57 views

BIT-GITLAB-2020-10086

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read...

5.3CVSS5.1AI score0.01331EPSS
Exploits0References3
OSV
OSV
added 2023/12/07 1:15 a.m.57 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.1AI score0.01685EPSS
Exploits1References7
OSV
OSV
added 2023/10/29 12:0 a.m.57 views

DLA-3638-1 h2o - security update

Bulletin has no description...

7.5CVSS8.2AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/22 4:15 a.m.57 views

CVE-2023-46301

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...

9.8CVSS7.6AI score
Exploits0References4
OSV
OSV
added 2023/10/16 12:0 a.m.57 views

ALSA-2023:5749 Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...

7.5CVSS8.1AI score0.99999EPSS
Exploits19References4
OSV
OSV
added 2023/10/11 8:35 p.m.57 views

GHSA-4374-P667-P6C8 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.3AI score0.03796EPSS
Exploits0References46
OSV
OSV
added 2023/09/12 5:31 p.m.57 views

GO-2023-2052 IsFromLocal local address check can be circumvented in github.com/gofiber/fiber/v2

The Ctx.IsFromLocal function can incorrectly report a request as being sent from localhost when the request contains an X-Forwarded-For header containing a localhost IP address...

5.3CVSS5.2AI score0.00531EPSS
Exploits0References2
OSV
OSV
added 2023/06/01 2:15 a.m.57 views

PYSEC-2023-83

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...

7.5CVSS7.4AI score0.02032EPSS
Exploits1References3
OSV
OSV
added 2023/05/03 9:57 p.m.57 views

GHSA-R97Q-GHCH-82J9 Ghost vulnerable to information disclosure of private API fields

Impact Due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. GhostPro has already been patched. We can find no evidence that the issue was exploited on GhostPro prior to the patch being added. Self-hosters are...

7.5CVSS7.4AI score0.45713EPSS
Exploits0References5
OSV
OSV
added 2023/02/23 12:0 a.m.57 views

DSA-5358-1 asterisk - security update

Bulletin has no description...

9.8CVSS7.3AI score0.01809EPSS
Exploits0
OSV
OSV
added 2023/02/08 9:30 p.m.57 views

GHSA-J2H2-G882-X9J2 Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.6AI score0.01232EPSS
Exploits1References3
OSV
OSV
added 2023/01/31 12:0 a.m.57 views

DLA-3295-1 node-moment - security update

Bulletin has no description...

7.5CVSS7.7AI score0.05664EPSS
Exploits1
OSV
OSV
added 2022/12/05 10:15 p.m.57 views

CVE-2022-32221

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

9.8CVSS8.7AI score0.04325EPSS
Exploits1References11
OSV
OSV
added 2022/12/01 12:0 a.m.57 views

ASB-A-242703118

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.7AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2022/09/30 12:40 a.m.57 views

GHSA-6263-X97C-C4GG matrix-js-sdk subject to impersonated messages due to permissive key forwarding

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too...

7.5CVSS8AI score0.00946EPSS
Exploits0References8
OSV
OSV
added 2022/09/26 5:15 a.m.57 views

PYSEC-2022-288

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS4.7AI score0.01893EPSS
Exploits1References5
OSV
OSV
added 2022/09/07 1:0 a.m.57 views

MAL-2022-6974 Malicious code in vscode-clangd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3e05ac1fabef54ef34176e9d555cb6e63b3dfbc2241cf304ab6a1b8b3cd2cc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/08/29 12:0 a.m.57 views

DLA-3085-1 curl - security update

Bulletin has no description...

8.1CVSS6.6AI score0.3197EPSS
Exploits10
OSV
OSV
added 2022/08/06 12:0 a.m.57 views

DSA-5199-1 xorg-server - security update

Bulletin has no description...

7.8CVSS7.9AI score0.00573EPSS
Exploits0
OSV
OSV
added 2022/05/14 2:19 a.m.57 views

GHSA-R58R-74GX-6WX3 Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.5AI score0.02963EPSS
Exploits1References12
OSV
OSV
added 2022/04/11 9:18 p.m.57 views

GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity

Summary Nokogiri = 1.13.4. Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.1. References CWE-1333 Inefficient Regular Expression Complexity Credit This vulnerability was reported by HackerOne user oooooooq ななおく...

7.5CVSS7.4AI score0.03549EPSS
Exploits0References15
OSV
OSV
added 2022/03/07 12:0 a.m.57 views

DSA-5092-1 linux - security update

Bulletin has no description...

9CVSS6.8AI score0.88106EPSS
Exploits106
OSV
OSV
added 2022/02/12 12:0 a.m.57 views

DLA-2919-1 python2.7 - security update

Bulletin has no description...

9.8CVSS7.8AI score0.23293EPSS
Exploits1
OSV
OSV
added 2022/01/30 12:0 a.m.57 views

DLA-2904-1 expat - security update

Bulletin has no description...

9.8CVSS8.1AI score0.04829EPSS
Exploits2
OSV
OSV
added 2022/01/27 12:1 a.m.57 views

GHSA-77RM-9X9H-XJ3G Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers

Withdrawn Advisory This advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather that the code. This link is maintained to preserve external references. Original Description Nullptr dereference when a null char is present in a proto symbol. The symbol is parse...

8.7CVSS6.6AI score0.0266EPSS
Exploits0References15
OSV
OSV
added 2022/01/20 12:0 a.m.57 views

DSA-5050-1 linux - security update

Bulletin has no description...

8.4CVSS7.3AI score0.25151EPSS
Exploits19
OSV
OSV
added 2021/12/09 12:0 a.m.57 views

DSA-5018-1 python-babel - security update

Bulletin has no description...

7.8CVSS7.8AI score0.00716EPSS
Exploits1
OSV
OSV
added 2021/11/15 11:28 p.m.57 views

GHSA-WMPV-C2JP-J2XG ERC1155Supply vulnerability in OpenZeppelin Contracts

When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of...

6.9AI score
Exploits0References2
OSV
OSV
added 2021/11/09 12:0 a.m.57 views

DLA-2814-1 openjdk-8 - security update

Bulletin has no description...

7.1CVSS6.3AI score0.14839EPSS
Exploits0
OSV
OSV
added 2021/10/30 12:0 a.m.57 views

DLA-2802-1 elfutils - security update

Bulletin has no description...

9.8CVSS6.5AI score0.03691EPSS
Exploits6
OSV
OSV
added 2021/10/07 4:15 p.m.57 views

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS1.5AI score0.99964EPSS
Exploits62References31
Total number of security vulnerabilities5000