Lucene search
K
OsvMost viewed

907431 matches found

OSV
OSV
•added 2024/03/06 11:23 a.m.•55 views

BIT-GITLAB-2020-10086

GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read...

5.3CVSS5.1AI score0.01331EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 11:8 a.m.•55 views

BIT-GOLANG-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5CVSS7.8AI score0.0473EPSS
Exploits0References16
OSV
OSV
•added 2024/03/06 10:52 a.m.•55 views

BIT-ENVOY-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References179
OSV
OSV
•added 2024/02/12 9:30 p.m.•55 views

GHSA-V76W-3PH8-VM66 Undertow Path Traversal vulnerability

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories...

5.3CVSS6AI score0.01714EPSS
Exploits0References14
OSV
OSV
•added 2024/02/11 5:15 a.m.•55 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score
Exploits0References3
OSV
OSV
•added 2023/10/25 9:14 p.m.•55 views

GHSA-93GH-JGJJ-R929 XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages

Impact When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this...

9CVSS8AI score0.00623EPSS
Exploits1References5
OSV
OSV
•added 2023/10/25 6:6 p.m.•55 views

GO-2023-2046 Unbounded memory consumption in github.com/ethereum/go-ethereum

Unbounded memory consumption in github.com/ethereum/go-ethereum...

7.5CVSS7.4AI score0.00981EPSS
Exploits0References1
OSV
OSV
•added 2023/10/24 6:35 p.m.•55 views

RLSA-2023:5721 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References3
OSV
OSV
•added 2023/10/22 3:30 a.m.•55 views

GHSA-C59H-R6P8-Q9WC Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...

7.5CVSS7.4AI score0.01284EPSS
Exploits1References6
OSV
OSV
•added 2023/10/16 12:0 a.m.•55 views

ALSA-2023:5713 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
OSV
OSV
•added 2023/09/26 7:34 a.m.•55 views

CVE-2023-5192 Excessive Data Query Operations in a Large Data Table in pimcore/demo

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0...

6.1CVSS6.3AI score0.00783EPSS
Exploits1References4
OSV
OSV
•added 2023/09/19 12:9 p.m.•55 views

RLSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References11
OSV
OSV
•added 2023/09/04 10:39 p.m.•55 views

CVE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...

7.5CVSS7.4AI score0.00623EPSS
Exploits0References7
OSV
OSV
•added 2023/06/21 12:0 a.m.•55 views

ALSA-2023:3723 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilter: use-after-free in nftables when processing batch...

7.8CVSS7.3AI score0.12966EPSS
Exploits10References14
OSV
OSV
•added 2023/01/23 8:27 a.m.•55 views

RLSA-2023:0194 Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

5.3CVSS6AI score0.01836EPSS
Exploits0References5
OSV
OSV
•added 2023/01/18 5:15 p.m.•55 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

7.8CVSS5.1AI score0.55367EPSS
Exploits20References14
OSV
OSV
•added 2022/11/15 12:0 a.m.•55 views

ALSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...

9.8CVSS9.1AI score0.90407EPSS
Exploits2References22
OSV
OSV
•added 2022/10/19 9:31 p.m.•55 views

RLSA-2022:7000 Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.3AI score0.02376EPSS
Exploits0References7
OSV
OSV
•added 2022/09/07 12:1 a.m.•55 views

GHSA-69CG-P879-7622 golang.org/x/net/http2 Denial of Service vulnerability

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS7.3AI score0.02513EPSS
Exploits0References11
OSV
OSV
•added 2022/07/16 5:15 p.m.•55 views

PYSEC-2022-235

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...

9.8CVSS3.6AI score0.12077EPSS
Exploits4References6
OSV
OSV
•added 2022/05/19 12:0 a.m.•55 views

GHSA-69C3-5XXF-58Q2 SQL injection in moodle

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria...

9.8CVSS9.6AI score0.01288EPSS
Exploits0References9
OSV
OSV
•added 2022/05/18 12:0 a.m.•55 views

GHSA-4M42-8QFQ-H3Q9 Cross-site Scripting in Jenkins Rundeck Plugin

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. Rundeck Plugin 3.6.11 sanitizes URLs submitted in Rundeck...

8CVSS5.3AI score0.71335EPSS
Exploits0References3
OSV
OSV
•added 2022/05/17 4:38 a.m.•55 views

GHSA-74QV-RV53-5WCX Yii PHP Framework arbitrary PHP scripts execution

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...

7.5CVSS7.1AI score0.02122EPSS
Exploits0References4
OSV
OSV
•added 2022/05/17 4:17 a.m.•55 views

GHSA-FMMQ-J7PQ-F85C JRuby denial of service via Hash Collision

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table, as demonstrated by a universal...

5CVSS5.1AI score0.02249EPSS
Exploits0References5
OSV
OSV
•added 2022/05/14 1:14 a.m.•55 views

GHSA-FF7P-JQJM-V66H Improper Neutralization of Input During Web Page Generation in Spring Framework

Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3CVSS5.8AI score0.03348EPSS
Exploits0References9
OSV
OSV
•added 2022/05/14 1:3 a.m.•55 views

GHSA-WXVR-VQFP-9CQW Denial of service in JBoss resteasy

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...

7.5CVSS7.2AI score0.04913EPSS
Exploits0References6
OSV
OSV
•added 2022/05/13 12:0 a.m.•55 views

DLA-3003-1 ruby-nokogiri - security update

Bulletin has no description...

7.5CVSS7.5AI score0.03549EPSS
Exploits0
OSV
OSV
•added 2022/04/05 12:0 a.m.•55 views

GHSA-4W2Q-9HP2-VXJ5 Path Traversal in Caucho Resin

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request...

7.5CVSS7.5AI score0.14115EPSS
Exploits1References2
OSV
OSV
•added 2022/03/17 12:0 a.m.•55 views

DLA-2953-1 openssl1.0 - security update

Bulletin has no description...

7.5CVSS8.2AI score0.70561EPSS
Exploits2
OSV
OSV
•added 2021/11/05 12:0 a.m.•55 views

DSA-5001-1 redis - security update

Bulletin has no description...

9CVSS6.9AI score0.1578EPSS
Exploits0
OSV
OSV
•added 2021/11/03 7:23 p.m.•55 views

ALSA-2021:4123 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fixes: Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3...

10CVSS9.4AI score0.0383EPSS
Exploits0References6
OSV
OSV
•added 2021/09/25 12:0 a.m.•55 views

DSA-4978-1 linux - security update

Bulletin has no description...

8.8CVSS7AI score0.01692EPSS
Exploits8
OSV
OSV
•added 2021/08/03 2:57 a.m.•55 views

UVI-2021-1001492 atm: iphase: fix possible use-after-free in ia_module_exit()

atm: iphase: fix possible use-after-free in iamoduleexit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.3AI score
Exploits0
OSV
OSV
•added 2021/06/15 12:0 a.m.•55 views

DLA-2686-1 python-urllib3 - security update

Bulletin has no description...

9.8CVSS6.8AI score0.04488EPSS
Exploits1
OSV
OSV
•added 2021/06/07 4:7 p.m.•55 views

GHSA-VMFG-RJJM-RJRJ QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

9.8CVSS9.5AI score0.07501EPSS
Exploits0References25
OSV
OSV
•added 2021/05/30 12:0 a.m.•55 views

DSA-4923-1 webkit2gtk - security update

Bulletin has no description...

9.8CVSS8AI score0.0712EPSS
Exploits0
OSV
OSV
•added 2021/03/12 9:33 p.m.•55 views

GHSA-G2FG-MR77-6VRM Uncontrolled Resource Consumption in Apache Thrift

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...

7.5CVSS7.2AI score0.06779EPSS
Exploits0References111
OSV
OSV
•added 2020/11/25 12:0 a.m.•55 views

DSA-4798-1 spip - security update

Bulletin has no description...

9.8CVSS7.4AI score0.02167EPSS
Exploits3
OSV
OSV
•added 2020/06/13 12:0 a.m.•55 views

DLA-2248-1 intel-microcode - security update

Bulletin has no description...

5.5CVSS6.5AI score0.00587EPSS
Exploits0
OSV
OSV
•added 2020/06/09 12:0 a.m.•55 views

DLA-2242-1 linux-4.9 - security update

Bulletin has no description...

7.8CVSS7.9AI score0.10114EPSS
Exploits8
OSV
OSV
•added 2020/03/20 12:0 a.m.•55 views

DLA-2151-1 icu - security update

Bulletin has no description...

8.8CVSS7.9AI score0.02669EPSS
Exploits0
OSV
OSV
•added 2019/11/10 12:0 a.m.•55 views

DSA-4562-1 chromium - security update

Bulletin has no description...

9.6CVSS6.5AI score0.72977EPSS
Exploits4
OSV
OSV
•added 2019/10/26 12:0 a.m.•55 views

DLA-1970-1 php5 - security update

Bulletin has no description...

9.8CVSS9.6AI score0.9947EPSS
Exploits54
OSV
OSV
•added 2019/10/20 12:0 a.m.•55 views

DSA-4546-1 openjdk-11 - security update

Bulletin has no description...

6.8CVSS6.3AI score0.03749EPSS
Exploits0
OSV
OSV
•added 2019/09/23 6:32 p.m.•55 views

GHSA-P5XP-6VPF-JWVH Improper Input Validation and Cross-Site Request Forgery in Keycloak

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain...

8.8CVSS8.5AI score0.00495EPSS
Exploits0References3
OSV
OSV
•added 2019/09/05 1:15 p.m.•55 views

CVE-2018-21010

OpenJPEG before 2.3.1 has a heap buffer overflow in colorapplyiccprofile in bin/common/color.c...

8.8CVSS2.6AI score
Exploits0References4
OSV
OSV
•added 2019/08/28 12:0 a.m.•55 views

DLA-1900-1 apache2 - security update

Bulletin has no description...

6.1CVSS6.8AI score0.81466EPSS
Exploits5
OSV
OSV
•added 2019/07/26 12:15 a.m.•55 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1CVSS9.1AI score
Exploits0References6
OSV
OSV
•added 2019/02/12 5:26 p.m.•55 views

GHSA-W5M8-5V9M-XHX5 Critical severity vulnerability that affects Haraka

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...

9.8CVSS9.6AI score0.13377EPSS
Exploits4References3
OSV
OSV
•added 2018/12/16 12:0 a.m.•55 views

DLA-1608-1 php5 - security update

Bulletin has no description...

8.5CVSS7AI score0.9523EPSS
Exploits7
Total number of security vulnerabilities5000