
907914 matches found

OSV
•added 2017/12/23 12:0 a.m.•57 views

DSA-4073-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 6.5, EPSS 0.30052
Exploits: 21

OSV
•added 2017/11/02 12:0 a.m.•57 views

DLA-1157-1 openssl - security update

Bulletin has no description...

CVSS 5.3, AI score 6.4, EPSS 0.17699
Exploits: 0

OSV
•added 2017/10/24 6:33 p.m.•57 views

GHSA-MPXF-GCW2-PW5Q actionpack Improper Input Validation vulnerability

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...

CVSS 5, AI score 7.1, EPSS 0.207
Exploits: 2, References: 18

OSV
•added 2017/10/20 12:0 a.m.•57 views

DSA-4004-1 jackson-databind - security update

Bulletin has no description...

CVSS 9.8, AI score 9.2, EPSS 0.37925
Exploits: 7

OSV
•added 2017/09/26 12:0 a.m.•57 views

DLA-1114-1 ruby1.9.1 - security update

Bulletin has no description...

CVSS 9.8, AI score 8.8, EPSS 0.29442
Exploits: 6

OSV
•added 2017/09/19 12:0 a.m.•57 views

DLA-1099-1 linux - security update

Bulletin has no description...

CVSS 8.8, AI score 8.1, EPSS 0.16181
Exploits: 29

OSV
•added 2017/08/07 12:0 a.m.•57 views

DSA-3927-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 6.9, EPSS 0.03763
Exploits: 11

OSV
•added 2017/07/13 12:0 a.m.•57 views

DLA-1024-1 nginx - security update

Bulletin has no description...

CVSS 7.5, AI score 7.5, EPSS 0.62597
Exploits: 6

OSV
•added 2017/06/22 12:0 a.m.•57 views

DSA-3896-1 apache2 - security update

Bulletin has no description...

CVSS 9.8, AI score 8.8, EPSS 0.57472
Exploits: 4

OSV
•added 2017/06/19 12:0 a.m.•57 views

DSA-3886-1 linux - security update

Bulletin has no description...

CVSS 10, AI score 6.8, EPSS 0.1081
Exploits: 8

OSV
•added 2017/05/12 8:29 p.m.•57 views

CVE-2017-8923

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use ...

CVSS 9.8, AI score 9.9
Exploits: 0, References: 3

OSV
•added 2016/10/19 12:0 a.m.•57 views

DLA-670-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 7.6, EPSS 0.83524
Exploits: 81

OSV
•added 2016/03/09 12:0 a.m.•57 views

DSA-3510-1 iceweasel - security update

Bulletin has no description...

CVSS 10, AI score 7.2, EPSS 0.31046
Exploits: 9

OSV
•added 2016/02/20 12:0 a.m.•57 views

DLA-421-1 openssl - security update

Bulletin has no description...

CVSS 5.9, AI score 6.8, EPSS 0.10731
Exploits: 2

OSV
•added 2016/02/08 12:0 a.m.•57 views

DSA-3471-1 qemu - security update

Bulletin has no description...

CVSS 9, AI score 6.7, EPSS 0.0773
Exploits: 4

OSV
•added 2015/09/07 12:0 a.m.•57 views

DLA-307-1 php5 - security update

Bulletin has no description...

CVSS 10, AI score 7.8, EPSS 0.21398
Exploits: 19

OSV
•added 2015/06/14 12:0 a.m.•57 views

DLA-246-1 linux-2.6 - security update

Bulletin has no description...

CVSS 7.8, AI score 7.1, EPSS 0.03052
Exploits: 4

OSV
•added 2015/03/15 12:0 a.m.•57 views

DSA-3187-1 icu - security update

Bulletin has no description...

CVSS 10, AI score 5, EPSS 0.22753
Exploits: 5

OSV
•added 2015/01/11 12:0 a.m.•57 views

DSA-3125-1 openssl - security update

Bulletin has no description...

CVSS 5, AI score 6.8, EPSS 0.98685
Exploits: 0

OSV
•added 2014/06/01 12:0 a.m.•57 views

DSA-2943-1 php5 - security update

Bulletin has no description...

CVSS 7.2, AI score 7.9, EPSS 0.20805
Exploits: 2

OSV
•added 2013/12/13 6:55 p.m.•57 views

UBUNTU-CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

CVSS 5.1, AI score 6.4, EPSS 0.03277
Exploits: 0, References: 3

OSV
•added 2011/06/29 12:0 a.m.•57 views

DSA-2266-1 php5 - several

Bulletin has no description...

CVSS 7.5, AI score 8.4, EPSS 0.19235
Exploits: 18

OSV
•added 2010/03/31 12:0 a.m.•57 views

DSA-2025-1 icedove - several vulnerabilities

Bulletin has no description...

CVSS 10, AI score 6.6, EPSS 0.06433
Exploits: 8

OSV
•added 2007/09/27 12:0 a.m.•57 views

DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

Bulletin has no description...

CVSS 7.2, AI score 7.7, EPSS 0.0082
Exploits: 2

OSV
•added 2003/09/12 12:0 a.m.•57 views

DSA-380 xfree86 - buffer overflows, denial of service

Bulletin has no description...

CVSS 7.5, AI score 7.1, EPSS 0.05427
Exploits: 0

OSV
•added 2026/05/27 9:33 p.m.•56 views

GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

CVSS 6.9, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 6

OSV
•added 2025/11/25 12:16 a.m.•56 views

MAL-2025-191211 Malicious code in @dev-blinq/blinqioclient (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a1d417e283165e25dc75c9510f4bcdde80854ca5600090b4de220548e72ae1 The package @dev-blinq/blinqioclient was found to contain malicious code. Source: google-open-source-security...

AI score 6.8
Exploits: 0, References: 8

OSV
•added 2025/11/04 2:15 a.m.•56 views

DEBIAN-CVE-2025-43433

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...

CVSS 8.8, AI score 6.6, EPSS 0.01116
Exploits: 0, References: 1

OSV
•added 2025/04/14 11:34 a.m.•56 views

BIT-PYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVSS 8.7, AI score 6.6, EPSS 0.01275
Exploits: 0, References: 23

OSV
•added 2025/04/09 12:15 p.m.•56 views

CVE-2025-31672

Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...

CVSS 5.3, AI score 6.5
Exploits: 0, References: 4

OSV
•added 2025/01/30 10:3 a.m.•57 views

RHSA-2025:0648 Red Hat Security Advisory: OpenShift Container Platform 4.15.44 security update

Bulletin has no description...

CVSS 7.4, AI score 7.3, EPSS 0.00773
Exploits: 0, References: 7

OSV
•added 2024/11/19 1:29 a.m.•56 views

CVE-2024-50264 vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

CVSS 7.8, AI score 6.1, EPSS 0.00352
Exploits: 1, References: 14

OSV
•added 2024/11/14 1:15 p.m.•56 views

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CVSS 3.7, AI score 6.7, EPSS 0.0038
Exploits: 0, References: 2

OSV
•added 2024/09/16 11:4 a.m.•56 views

RHSA-2023:6583 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.2, AI score 8, EPSS 0.16642
Exploits: 5, References: 2532

OSV
•added 2024/09/16 7:42 a.m.•56 views

RHSA-2022:7683 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.8, AI score 8, EPSS 0.12746
Exploits: 36, References: 698

OSV
•added 2024/09/15 11:46 p.m.•56 views

RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update

Bulletin has no description...

CVSS 7.8, AI score 6.4, EPSS 0.04945
Exploits: 11, References: 120

OSV
•added 2024/09/02 12:0 p.m.•57 views

RUSTSEC-2024-0368 olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...

CVSS 5.3, AI score 4.9, EPSS 0.00536
Exploits: 3, References: 4

OSV
•added 2024/08/21 2:30 p.m.•56 views

GO-2022-0350 Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli

Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli...

CVSS 7.7, AI score 7.2, EPSS 0.00321
Exploits: 0, References: 3

OSV
•added 2024/07/12 9:0 p.m.•56 views

GHSA-9794-PC4R-438W Local File Inclusion in Solara

A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

CVSS 8.6, AI score 8.3, EPSS 0.02884
Exploits: 0, References: 4

OSV
•added 2024/07/11 3:43 p.m.•56 views

CVE-2024-39905 Red-DiscordBot vulnerable to Incorrect Authorization in commands API

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

CVSS 5.3, AI score 6.8, EPSS 0.0041
Exploits: 0, References: 5

OSV
•added 2024/07/02 6:15 p.m.•56 views

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

AI score 7.1
Exploits: 0, References: 11

OSV
•added 2024/07/01 12:0 a.m.•56 views

DSA-5724-1 openssh - security update

Bulletin has no description...

CVSS 8.1, AI score 7.9, EPSS 0.99506
Exploits: 68

OSV
•added 2024/06/04 3:19 p.m.•56 views

GO-2024-2729 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

CVSS 9.8, AI score 8, EPSS 0.00656
Exploits: 0, References: 3

OSV
•added 2024/05/22 12:0 a.m.•56 views

ALSA-2024:2950 Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to t...

CVSS 10, AI score 7.9, EPSS 0.07619
Exploits: 13, References: 97

OSV
•added 2024/05/06 1:4 p.m.•56 views

RLSA-2024:1786 Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5, AI score 7, EPSS 0.91327
Exploits: 2, References: 2

OSV
•added 2024/04/24 5:2 p.m.•56 views

GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

Impact The TinyMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds Upgrade...

CVSS 6.1, AI score 4.6
Exploits: 0, References: 2

OSV
•added 2024/04/05 2:56 p.m.•56 views

RLSA-2024:1614 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) kernel: Out of boundary write in perf_read_group as result of...

CVSS 7.8, AI score 7.9, EPSS 0.28058
Exploits: 17, References: 8

OSV
•added 2024/04/04 8:15 p.m.•56 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

CVSS 7.3, AI score 5.9
Exploits: 0, References: 11

OSV
•added 2024/03/06 11:6 a.m.•56 views

BIT-PYTHON-2021-3426

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...

CVSS 5.7, AI score 6.8, EPSS 0.01863
Exploits: 0, References: 16

OSV
•added 2024/03/06 10:59 a.m.•56 views

BIT-NGINX-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

CVSS 7.4, AI score 7.6, EPSS 0.02037
Exploits: 0, References: 4

Total number of security vulnerabilities: 5000