OSV: most viewed

907431 matches found

OSV • added 2021/05/18 5:33 a.m. • 56 views

ALSA-2021:1578 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) kernel: memory leak in sof_set_get_large_ctrl_data function in sound/soc/sof/ipc.c (CVE-2019-18811) kernel: use-after-free caused by a...

CVSS 7.8 • AI score 8.5 • EPSS 0.03292
Exploits 6 • References 26

OSV • added 2021/05/01 12:0 a.m. • 56 views

ASB-A-175451802

In tiocspgrp of tty_jobctrl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 • AI score 8.2 • EPSS 0.01129
Exploits 2 • References 2

OSV • added 2021/04/25 12:0 a.m. • 56 views

DLA-2638-1 jackson-databind - security update

Bulletin has no description...

CVSS 8.8 • AI score 7.6 • EPSS 0.20929
Exploits 16

OSV • added 2021/03/25 12:0 a.m. • 56 views

DSA-4875-1 openssl - security update

Bulletin has no description...

CVSS 5.9 • AI score 7 • EPSS 0.62906
Exploits 3

OSV • added 2021/01/01 12:0 a.m. • 56 views

ASB-A-169505740

In speculation_ctrl_update of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction i...

CVSS 5.5 • AI score 5.9 • EPSS 0.00463
Exploits 0 • References 2

OSV • added 2020/07/27 6:8 p.m. • 56 views

GHSA-JPHG-QWRW-7W9G Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

CVSS 7.5 • AI score 6.8 • EPSS 0.06811
Exploits 0 • References 23

OSV • added 2019/10/28 12:0 a.m. • 56 views

DSA-4553-1 php7.3 - security update

Bulletin has no description...

CVSS 9.8 • AI score 9.6 • EPSS 0.9947
Exploits 54

OSV • added 2019/10/24 12:0 a.m. • 56 views

DSA-4549-1 firefox-esr - security update

Bulletin has no description...

CVSS 8.8 • AI score 7.5 • EPSS 0.06643
Exploits 2

OSV • added 2019/07/23 12:0 a.m. • 56 views

DLA-1862-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 7 • EPSS 0.52199
Exploits 21

OSV • added 2019/06/03 12:0 a.m. • 56 views

DLA-1813-1 php5 - security update

Bulletin has no description...

CVSS 9.1 • AI score 8.5 • EPSS 0.04068
Exploits 2

OSV • added 2019/03/14 12:0 a.m. • 56 views

DLA-1715-1 linux-4.9 - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.9 • EPSS 0.60631
Exploits 11

OSV • added 2018/10/17 8:28 p.m. • 56 views

GHSA-3RMV-2PG5-XVQJ Spring Framework has Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 • AI score 9.4 • EPSS 0.57632
Exploits 0 • References 18

OSV • added 2018/07/05 12:0 a.m. • 56 views

DSA-4240-1 php7.0 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7 • EPSS 0.87883
Exploits 3

OSV • added 2018/01/08 12:0 a.m. • 56 views

DSA-4081-1 php5 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.3 • EPSS 0.79949
Exploits 3

OSV • added 2018/01/08 12:0 a.m. • 56 views

DSA-4080-1 php7.0 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.4 • EPSS 0.79949
Exploits 3

OSV • added 2017/11/02 12:0 a.m. • 56 views

DLA-1157-1 openssl - security update

Bulletin has no description...

CVSS 5.3 • AI score 6.4 • EPSS 0.17699
Exploits 0

OSV • added 2017/10/24 6:33 p.m. • 56 views

GHSA-FH39-V733-MXFR Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

CVSS 5 • AI score 7.1 • EPSS 0.04174
Exploits 2 • References 6

OSV • added 2017/10/24 6:33 p.m. • 56 views

GHSA-MPXF-GCW2-PW5Q actionpack Improper Input Validation vulnerability

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...

CVSS 5 • AI score 7.1 • EPSS 0.207
Exploits 2 • References 18

OSV • added 2017/10/20 12:0 a.m. • 56 views

DSA-4004-1 jackson-databind - security update

Bulletin has no description...

CVSS 9.8 • AI score 9.2 • EPSS 0.37925
Exploits 7

OSV • added 2017/09/19 12:0 a.m. • 56 views

DLA-1099-1 linux - security update

Bulletin has no description...

CVSS 8.8 • AI score 8.1 • EPSS 0.16181
Exploits 29

OSV • added 2017/08/29 12:0 a.m. • 56 views

DLA-1073-1 openjdk-7 - security update

Bulletin has no description...

CVSS 9.6 • AI score 7.3 • EPSS 0.05034
Exploits 0

OSV • added 2017/08/07 12:0 a.m. • 56 views

DSA-3927-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 6.9 • EPSS 0.03763
Exploits 11

OSV • added 2017/05/12 8:29 p.m. • 56 views

CVE-2017-8923

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use ...

CVSS 9.8 • AI score 9.9
Exploits 0 • References 3

OSV • added 2016/10/19 12:0 a.m. • 56 views

DLA-670-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.6 • EPSS 0.83524
Exploits 81

OSV • added 2016/06/29 12:0 a.m. • 56 views

DLA-533-1 php5 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.9 • EPSS 0.05487
Exploits 2

OSV • added 2016/03/09 12:0 a.m. • 56 views

DSA-3510-1 iceweasel - security update

Bulletin has no description...

CVSS 10 • AI score 7.2 • EPSS 0.31046
Exploits 9

OSV • added 2016/02/08 12:0 a.m. • 56 views

DSA-3471-1 qemu - security update

Bulletin has no description...

CVSS 9 • AI score 6.7 • EPSS 0.0773
Exploits 4

OSV • added 2015/09/21 12:0 a.m. • 56 views

DSA-3364-1 linux - security update

Bulletin has no description...

CVSS 6.1 • AI score 7 • EPSS 0.03693
Exploits 0

OSV • added 2015/09/18 12:0 a.m. • 56 views

DSA-3362-1 qemu-kvm - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.3 • EPSS 0.03502
Exploits 0

OSV • added 2015/06/14 12:0 a.m. • 56 views

DLA-246-1 linux-2.6 - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.1 • EPSS 0.03052
Exploits 4

OSV • added 2014/10/16 12:0 a.m. • 56 views

DLA-71-1 apache2 - security update

Bulletin has no description...

CVSS 5 • AI score 5.8 • EPSS 0.60205
Exploits 2

OSV • added 2014/09/29 12:0 a.m. • 56 views

DLA-66-1 apache2 - security update

Bulletin has no description...

CVSS 6.8 • AI score 7 • EPSS 0.85744
Exploits 6

OSV • added 2014/05/14 12:0 a.m. • 56 views

DSA-2928-1 linux-2.6 - security update

Bulletin has no description...

CVSS 7.2 • AI score 6.3 • EPSS 0.22475
Exploits 7

OSV • added 2011/06/29 12:0 a.m. • 56 views

DSA-2266-1 php5 - several

Bulletin has no description...

CVSS 7.5 • AI score 8.4 • EPSS 0.19235
Exploits 18

OSV • added 2010/03/31 12:0 a.m. • 56 views

DSA-2025-1 icedove - several vulnerabilities

Bulletin has no description...

CVSS 10 • AI score 6.6 • EPSS 0.06433
Exploits 8

OSV • added 2009/12/16 12:0 a.m. • 56 views

DSA-1956-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 9.3 • AI score 8.1 • EPSS 0.03963
Exploits 8

OSV • added 2009/01/02 12:0 a.m. • 56 views

DSA-1694-1 xterm - remote code execution

Bulletin has no description...

CVSS 9.3 • AI score 7.2 • EPSS 0.04974
Exploits 0

OSV • added 2007/09/27 12:0 a.m. • 56 views

DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

Bulletin has no description...

CVSS 7.2 • AI score 7.7 • EPSS 0.0082
Exploits 2

OSV • added 2025/04/09 12:15 p.m. • 55 views

CVE-2025-31672

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...

CVSS 5.3 • AI score 6.5
Exploits 0 • References 4

OSV • added 2025/01/30 10:3 a.m. • 56 views

RHSA-2025:0648 Red Hat Security Advisory: OpenShift Container Platform 4.15.44 security update

Bulletin has no description...

CVSS 7.4 • AI score 7.3 • EPSS 0.00773
Exploits 0 • References 7

OSV • added 2024/12/04 4:25 p.m. • 55 views

GO-2024-3305 Moby Race Condition vulnerability in github.com/moby/moby

Moby Race Condition vulnerability in github.com/moby/moby...

CVSS 8.1 • AI score 7.8 • EPSS 0.00641
Exploits 0 • References 5

OSV • added 2024/11/19 1:29 a.m. • 55 views

CVE-2024-50264 vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

CVSS 7.8 • AI score 6.1 • EPSS 0.00352
Exploits 1 • References 14

OSV • added 2024/10/04 4:39 p.m. • 55 views

BIT-PYTHON-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is...

CVSS 9.8 • AI score 9.4 • EPSS 0.23293
Exploits 1 • References 29

OSV • added 2024/09/30 4:25 p.m. • 55 views

RHSA-2018:2927 Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1 • AI score 6.5 • EPSS 0.08411
Exploits 4 • References 210

OSV • added 2024/09/30 3:48 p.m. • 55 views

RHSA-2023:7637 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update

Bulletin has no description...

CVSS 7.5 • AI score 8.1 • EPSS 0.99999
Exploits 19 • References 69

OSV • added 2024/07/10 6:10 a.m. • 55 views

SUSE-SU-2024:2381-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47191: Fix out-of-bound read in resp_readcap16 (bsc#1222866). - CVE-2021-47267: usb: fix...

CVSS 9.1 • AI score 8.5 • EPSS 0.01401
Exploits 4 • References 305

OSV • added 2024/07/01 7:15 p.m. • 55 views

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 • AI score 6.7
Exploits 0 • References 3

OSV • added 2024/07/01 12:0 a.m. • 55 views

DSA-5724-1 openssh - security update

Bulletin has no description...

CVSS 8.1 • AI score 7.9 • EPSS 0.99506
Exploits 68

OSV • added 2024/04/12 9:23 p.m. • 55 views

GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 • AI score 7.9 • EPSS 0.0076
Exploits 0 • References 5

OSV • added 2024/04/02 12:0 a.m. • 55 views

ALSA-2024:1607 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) kernel: Out of boundary write in perf_read_group as result of overflow a perf_event's read_size (CVE-2023-6931) kernel: GS...

CVSS 7.8 • AI score 7.9 • EPSS 0.28058
Exploits 17 • References 16

Total number of security vulnerabilities: 5000