Lucene search
K
OsvMost viewed

910463 matches found

OSV
OSV
•added 2018/03/29 12:0 a.m.•60 views

DLA-1326-1 php5 - security update

Bulletin has no description...

9.8CVSS7.5AI score0.87883EPSS
Exploits3
OSV
OSV
•added 2017/11/04 12:0 a.m.•60 views

DSA-4018-1 openssl - security update

Bulletin has no description...

5.3CVSS6.4AI score0.17699EPSS
Exploits0
OSV
OSV
•added 2017/10/24 6:33 p.m.•60 views

GHSA-6MQ2-37J5-W6R6 WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

7.5CVSS9.1AI score0.15684EPSS
Exploits2References13
OSV
OSV
•added 2017/10/16 12:0 a.m.•60 views

DSA-3999-1 wpa - security update

Bulletin has no description...

8.1CVSS7.1AI score0.04575EPSS
Exploits1
OSV
OSV
•added 2017/07/12 12:0 a.m.•60 views

DSA-3908-1 nginx - security update

Bulletin has no description...

7.5CVSS7.5AI score0.62597EPSS
Exploits6
OSV
OSV
•added 2017/02/07 12:0 a.m.•60 views

DLA-818-1 php5 - security update

Bulletin has no description...

10CVSS8.1AI score0.35438EPSS
Exploits4
OSV
OSV
•added 2016/06/21 12:0 a.m.•60 views

DLA-522-1 python2.7 - security update

Bulletin has no description...

10CVSS8.1AI score0.2548EPSS
Exploits7
OSV
OSV
•added 2016/05/03 12:0 a.m.•60 views

DSA-3566-1 openssl - security update

Bulletin has no description...

10CVSS7.1AI score0.89058EPSS
Exploits7
OSV
OSV
•added 2025/02/26 7:1 a.m.•59 views

DEBIAN-CVE-2022-49542

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfglogverbose check before calling lpfcdmpdbg In an attempt to log message 0126 with LOGTRACEEVENT, the following hard lockup call trace hangs the system. Call Trace: rawspinlockirqsave+0x32/0x40...

5.5CVSS5.6AI score0.00188EPSS
Exploits0References1
OSV
OSV
•added 2025/02/05 7:51 p.m.•59 views

MGASA-2025-0037 Updated chromium-browser-stable packages fix security vulnerability

Use after free in DevTools. CVE-2025-0762...

8.8CVSS9.1AI score0.00339EPSS
Exploits0References3
OSV
OSV
•added 2024/12/19 1:22 a.m.•59 views

CGA-G8R9-VV23-F4JF

Bulletin has no description...

5.9CVSS5.5AI score0.00605EPSS
Exploits0
OSV
OSV
•added 2024/09/25 5:23 a.m.•59 views

CGA-FW4G-9MF4-P6PC

Bulletin has no description...

5.4CVSS4.5AI score0.00305EPSS
Exploits0
OSV
OSV
•added 2024/09/16 5:20 p.m.•59 views

RHSA-2024:1141 Red Hat Security Advisory: mysql security update

Bulletin has no description...

7.5CVSS5.9AI score0.01782EPSS
Exploits0References355
OSV
OSV
•added 2024/09/15 11:46 p.m.•59 views

RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update

Bulletin has no description...

7.8CVSS6.4AI score0.04945EPSS
Exploits11References120
OSV
OSV
•added 2024/07/18 10:15 a.m.•59 views

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

7.5CVSS6.5AI score
Exploits0References3
OSV
OSV
•added 2024/07/01 8:34 p.m.•59 views

GHSA-6JJ6-GM7P-FCVV Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls evaluates...

9.8CVSS8.8AI score0.99813EPSS
Exploits26References9
OSV
OSV
•added 2024/07/01 7:15 p.m.•59 views

CVE-2024-39573

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS6.5AI score
Exploits0References4
OSV
OSV
•added 2024/06/06 12:25 p.m.•59 views

CGA-C49Q-4CQQ-XWX4

Bulletin has no description...

5.9CVSS6.6AI score0.01001EPSS
Exploits0
OSV
OSV
•added 2024/03/06 11:18 a.m.•59 views

BIT-GITLAB-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

9.8CVSS9.3AI score0.01068EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 11:7 a.m.•59 views

BIT-TOMCAT-2023-46589 Apache Tomcat: HTTP request smuggling via malformed trailer headers

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.15, from 9.0.0 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to...

7.5CVSS6.6AI score0.02651EPSS
Exploits0References5
OSV
OSV
•added 2024/03/06 11:3 a.m.•59 views

BIT-PRESTASHOP-2023-39526 PrestaShopSQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

9.8CVSS10AI score0.01342EPSS
Exploits0References3
OSV
OSV
•added 2024/01/02 6:32 p.m.•59 views

GO-2023-2394 Spoofed source IP address in github.com/shift72/caddy-geo-ip

The caddy-geo-ip aka GeoIP middleware for Caddy 2 allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism trustedproxy directive in reverseproxy or IP address range restrictions...

6.5CVSS6.3AI score0.00655EPSS
Exploits0References2
OSV
OSV
•added 2023/10/25 9:17 p.m.•59 views

GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References5
OSV
OSV
•added 2023/10/18 4:15 a.m.•59 views

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host na...

9.8CVSS9AI score0.78483EPSS
Exploits6References16
OSV
OSV
•added 2023/10/10 2:15 p.m.•59 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References168
OSV
OSV
•added 2023/10/06 5:0 a.m.•59 views

RSEC-2023-6 Denial of Service (DoS) vulnerability

The commonmark package, specifically in its dependency on GitHub Flavored Markdown before version 0.29.0.gfm.1, has a vulnerability related to time complexity. Parsing certain crafted markdown tables can take On n time, leading to potential Denial of Service attacks. This issue does not affect th...

6.5CVSS6.2AI score0.01566EPSS
Exploits0References3
OSV
OSV
•added 2023/10/05 5:0 a.m.•59 views

RSEC-2023-5 Infinite loop, memory leak, and heap-based buffer over-read vulnerabilities

The haven R package is exposed to multiple vulnerabilities due to issues in its underlying ReadStat library. The specific flaws include an infinite loop condition, a memory leak associated with an iconvopen call, and a heap-based buffer over-read via an unterminated string. Exploitation of these...

7.8CVSS7.8AI score0.01163EPSS
Exploits3References5
OSV
OSV
•added 2023/09/28 5:15 a.m.•59 views

PYSEC-2023-179

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

8.1CVSS7.4AI score0.02919EPSS
Exploits1References4
OSV
OSV
•added 2023/08/23 8:42 p.m.•59 views

GHSA-V86X-5FM3-5P7J Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

Impact An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. Patches Users can upgrade to Alertmanager v0.2.51. Workarounds Users can setup a reverse proxy in front of the...

5.4CVSS6.6AI score0.00568EPSS
Exploits0References4
OSV
OSV
•added 2023/08/03 4:35 p.m.•59 views

GHSA-GPCV-P28P-FV2P odoh-rs's Invalid Slice Split Results in Server Panic

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact An attacker with knowledge of this vulnerability could craft and...

5.9CVSS5.6AI score0.0065EPSS
Exploits0References6
OSV
OSV
•added 2023/08/01 12:0 a.m.•59 views

ALSA-2023:4419 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS8.9AI score0.76768EPSS
Exploits10References4
OSV
OSV
•added 2023/07/03 5:15 p.m.•59 views

PYSEC-2023-113

Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References2
OSV
OSV
•added 2023/06/08 12:15 a.m.•59 views

PYSEC-2023-90

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...

9.1CVSS10AI score0.00651EPSS
Exploits0References3
OSV
OSV
•added 2023/04/20 9:33 p.m.•59 views

GHSA-WH3W-JCC7-MHMF pretalx vulnerable to path traversal in HTML export

pretalx before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

7.1CVSS6.4AI score0.06648EPSS
Exploits1References7
OSV
OSV
•added 2023/03/13 12:0 a.m.•59 views

DSA-5372-1 rails - security update

Bulletin has no description...

9.8CVSS6.9AI score0.04182EPSS
Exploits2
OSV
OSV
•added 2023/02/08 9:30 p.m.•59 views

GHSA-J2H2-G882-X9J2 Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.6AI score0.01232EPSS
Exploits1References3
OSV
OSV
•added 2022/12/22 8:40 p.m.•59 views

GO-2022-1118 Improper validation of UUIDs in github.com/codenotary/immudb

A malicious server can trick a client into treating it as a different server by changing the reported UUID. immudb client SDKs use the server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple server...

5.9CVSS5.5AI score0.00261EPSS
Exploits0References2
OSV
OSV
•added 2022/12/20 11:15 p.m.•59 views

CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...

9.8CVSS5AI score
Exploits0References6
OSV
OSV
•added 2022/12/12 12:0 a.m.•59 views

DLA-3236-1 openexr - security update

Bulletin has no description...

7.5CVSS6.2AI score0.01848EPSS
Exploits5
OSV
OSV
•added 2022/11/06 12:0 a.m.•59 views

DSA-5272-1 xen - security update

Bulletin has no description...

8.8CVSS6.3AI score0.00289EPSS
Exploits0
OSV
OSV
•added 2022/09/09 7:15 p.m.•59 views

PYSEC-2022-270

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS2AI score0.00924EPSS
Exploits0References2
OSV
OSV
•added 2022/08/15 12:0 a.m.•59 views

DSA-5207-1 linux - security update

Bulletin has no description...

7.8CVSS7.5AI score0.12746EPSS
Exploits13
OSV
OSV
•added 2022/07/22 12:0 a.m.•59 views

DSA-5188-1 openjdk-11 - security update

Bulletin has no description...

7.5CVSS6.9AI score0.17673EPSS
Exploits2
OSV
OSV
•added 2022/06/20 7:27 a.m.•59 views

MAL-2022-2913 Malicious code in example-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67077359006aa50f08c2757c83cc757f06c0b0817b3beb029ce4f6e823236c03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2022/06/10 12:15 p.m.•59 views

PYSEC-2022-207

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS3.1AI score0.00763EPSS
Exploits0References3
OSV
OSV
•added 2022/05/24 5:33 p.m.•59 views

GHSA-7PXG-6P87-8C9V Magento 2 Community Edition RCE via Unsafe File Upload

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

9.1CVSS9AI score0.0552EPSS
Exploits1References3
OSV
OSV
•added 2022/04/28 11:35 p.m.•59 views

GO-2021-0412 Incorrect authorization in github.com/containerd/imgcrypt

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function CheckAuthorization is supposed to check whether the current used is...

7.5CVSS7.5AI score0.02676EPSS
Exploits1References3
OSV
OSV
•added 2022/03/18 11:10 p.m.•59 views

GHSA-X4JG-MJRX-434G Improper Verification of Cryptographic Signature in node-forge

Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...

7.5CVSS7.5AI score0.01015EPSS
Exploits0References5
OSV
OSV
•added 2022/03/07 12:0 a.m.•59 views

DSA-5092-1 linux - security update

Bulletin has no description...

9CVSS6.8AI score0.88106EPSS
Exploits106
OSV
OSV
•added 2022/03/01 12:0 a.m.•59 views

ASB-A-193149550

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00126EPSS
Exploits0References2
Total number of security vulnerabilities5000