Lucene search
K
OsvMost viewed

908634 matches found

OSV
OSV
•added 2014/05/14 12:0 a.m.•56 views

DSA-2928-1 linux-2.6 - security update

Bulletin has no description...

7.2CVSS6.3AI score0.22475EPSS
Exploits7
OSV
OSV
•added 2014/05/12 12:0 a.m.•56 views

DSA-2926-1 linux - security update

Bulletin has no description...

7.2CVSS6.3AI score0.22475EPSS
Exploits14
OSV
OSV
•added 2014/04/22 12:0 a.m.•56 views

DSA-2911-1 icedove - security update

Bulletin has no description...

10CVSS8.8AI score0.83633EPSS
Exploits17
OSV
OSV
•added 2009/12/16 12:0 a.m.•56 views

DSA-1956-1 xulrunner - several vulnerabilities

Bulletin has no description...

9.3CVSS8.1AI score0.03963EPSS
Exploits8
OSV
OSV
•added 2009/01/02 12:0 a.m.•56 views

DSA-1694-1 xterm - remote code execution

Bulletin has no description...

9.3CVSS7.2AI score0.04974EPSS
Exploits0
OSV
OSV
•added 2006/05/21 12:0 a.m.•56 views

DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities

Bulletin has no description...

10CVSS6.1AI score0.04078EPSS
Exploits8
OSV
OSV
•added 2026/05/08 10:5 a.m.•55 views

RHSA-2026:14823 Red Hat Security Advisory: kernel security update

Bulletin has no description...

7.8CVSS5.7AI score0.0049EPSS
Exploits0References12
OSV
OSV
•added 2026/05/03 9:56 a.m.•55 views

OESA-2026-2164 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

6.8CVSS6AI score0.0016EPSS
Exploits1References2
OSV
OSV
•added 2024/10/04 4:39 p.m.•55 views

BIT-PYTHON-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...

9.8CVSS9.4AI score0.23293EPSS
Exploits1References29
OSV
OSV
•added 2024/09/30 4:25 p.m.•55 views

RHSA-2018:2927 Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS6.5AI score0.08411EPSS
Exploits4References210
OSV
OSV
•added 2024/09/30 3:48 p.m.•55 views

RHSA-2023:7637 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update

Bulletin has no description...

7.5CVSS8.1AI score0.99999EPSS
Exploits19References69
OSV
OSV
•added 2024/09/25 5:30 a.m.•55 views

CGA-PFMC-9PXP-XX2W

Bulletin has no description...

7.5CVSS7.3AI score0.06748EPSS
Exploits0
OSV
OSV
•added 2024/08/30 5:18 p.m.•55 views

GO-2024-3088 memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

memos CORS Misconfiguration in server.go GHSL-2024-034 in github.com/usememos/memos...

8.1CVSS8AI score0.00607EPSS
Exploits1References5
OSV
OSV
•added 2024/08/21 4:4 p.m.•55 views

GO-2022-1266 usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos

usememos/memos vulnerable to Improper Verification of Source of a Communication Channel in github.com/usememos/memos...

8.6CVSS5.4AI score0.00528EPSS
Exploits1References4
OSV
OSV
•added 2024/08/21 2:17 p.m.•55 views

GO-2023-2022 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker

Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker...

7.5CVSS7.4AI score0.03147EPSS
Exploits0References5
OSV
OSV
•added 2024/07/18 10:15 a.m.•55 views

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS6.4AI score
Exploits0References2
OSV
OSV
•added 2024/07/18 12:0 a.m.•55 views

ALSA-2024:4620 Important: libndp security update

Libndp is a library used by NetworkManager that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fixes: libndp: buffer overflow in route information length field CVE-2024-5564 For more details about...

8.1CVSS8.6AI score0.01165EPSS
Exploits0References4
OSV
OSV
•added 2024/07/01 7:15 p.m.•55 views

CVE-2024-38473

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

8.1CVSS6.7AI score
Exploits0References3
OSV
OSV
•added 2024/06/05 3:10 p.m.•55 views

GO-2024-2882 github.com/huandu/facebook may expose access_token in error message.

github.com/huandu/facebook may expose accesstoken in error message...

3.7CVSS4AI score0.00504EPSS
Exploits0References6
OSV
OSV
•added 2024/05/22 12:0 a.m.•55 views

ALSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

9.8CVSS7.7AI score0.04268EPSS
Exploits5References12
OSV
OSV
•added 2024/04/12 9:23 p.m.•55 views

GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

8.2CVSS7.9AI score0.0076EPSS
Exploits0References5
OSV
OSV
•added 2024/04/02 12:0 a.m.•55 views

ALSA-2024:1607 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmwcmddxdefinequery CVE-2022-38096 kernel: Out of boundary write in perfreadgroup as result of overflow a perfevent's readsize CVE-2023-6931 kernel: GS...

7.8CVSS7.9AI score0.28058EPSS
Exploits17References16
OSV
OSV
•added 2024/03/06 11:8 a.m.•55 views

BIT-GOLANG-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5CVSS7.8AI score0.0473EPSS
Exploits0References16
OSV
OSV
•added 2024/03/06 10:52 a.m.•55 views

BIT-ENVOY-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References179
OSV
OSV
•added 2024/02/20 12:0 a.m.•55 views

ALSA-2024:0897 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: schhfsc UAF CVE-2023-4623 kernel: use-after-free in schqfq network scheduler CVE-2023-4921 kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: IGB driver inadequat...

7.8CVSS8.5AI score0.01549EPSS
Exploits3References40
OSV
OSV
•added 2024/02/11 5:15 a.m.•55 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.5CVSS7AI score
Exploits0References3
OSV
OSV
•added 2023/11/14 8:39 p.m.•55 views

GHSA-C3HF-8VGX-72RH Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do...

7.6CVSS9AI score0.12512EPSS
Exploits0References5
OSV
OSV
•added 2023/11/08 12:0 a.m.•56 views

DSA-5550-1 cacti - security update

Bulletin has no description...

9.8CVSS6.3AI score0.87575EPSS
Exploits14
OSV
OSV
•added 2023/10/25 9:14 p.m.•55 views

GHSA-93GH-JGJJ-R929 XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages

Impact When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this...

9CVSS8AI score0.00623EPSS
Exploits1References5
OSV
OSV
•added 2023/10/24 6:35 p.m.•55 views

RLSA-2023:5989 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References2
OSV
OSV
•added 2023/10/24 6:35 p.m.•55 views

RLSA-2023:5721 Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References3
OSV
OSV
•added 2023/10/19 12:0 a.m.•55 views

ALSA-2023:5929 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
OSV
OSV
•added 2023/10/16 12:0 a.m.•55 views

ALSA-2023:5713 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
OSV
OSV
•added 2023/09/21 11:15 p.m.•55 views

CVE-2023-4504

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...

7CVSS7.5AI score0.00663EPSS
Exploits2References11
OSV
OSV
•added 2023/09/19 12:9 p.m.•55 views

RLSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References11
OSV
OSV
•added 2023/09/12 3:15 p.m.•55 views

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.2AI score0.99694EPSS
Exploits9References47
OSV
OSV
•added 2023/09/04 10:39 p.m.•55 views

CVE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...

7.5CVSS7.4AI score0.00623EPSS
Exploits0References7
OSV
OSV
•added 2023/07/31 4:49 a.m.•55 views

MAL-2023-1011 Malicious code in docusaurus-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 051d35253b6ae2ef5d7366a3879b1783f91c35cc5fa1346198db3d6326e0e589 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2023/04/06 12:0 a.m.•55 views

ALSA-2023:1670 Important: httpd and mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

9.8CVSS8.8AI score0.8377EPSS
Exploits5References4
OSV
OSV
•added 2023/02/22 1:8 a.m.•55 views

RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

7.5CVSS7.8AI score0.57941EPSS
Exploits0References5
OSV
OSV
•added 2023/02/22 12:0 a.m.•55 views

DLA-3335-1 asterisk - security update

Bulletin has no description...

9.8CVSS7.3AI score0.01809EPSS
Exploits0
OSV
OSV
•added 2023/02/14 7:41 p.m.•55 views

GO-2023-1559 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfsnode

Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. There are no known workarounds users are advised to...

7.5CVSS6.2AI score0.00908EPSS
Exploits0References2
OSV
OSV
•added 2022/12/22 5:41 p.m.•55 views

GO-2022-1155 Panic in github.com/ipfs/go-merkledag

A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder method to set non-functioning CidBuilder such as one that refers to a multihash where ...

7.5CVSS7.3AI score0.01254EPSS
Exploits0References6
OSV
OSV
•added 2022/12/19 10:48 p.m.•55 views

GHSA-H4Q8-96P6-JCGR ghinstallation returns app JWT in error responses

Impact In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.goL172-L174 The request contained the beare...

5CVSS4.7AI score0.00382EPSS
Exploits1References8
OSV
OSV
•added 2022/12/01 12:0 a.m.•55 views

ASB-A-201667614

In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other applications’ dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed...

6.7AI score
Exploits0References2
OSV
OSV
•added 2022/11/27 12:0 a.m.•55 views

DLA-3207-1 jackson-databind - security update

Bulletin has no description...

7.5CVSS7.6AI score0.0486EPSS
Exploits4
OSV
OSV
•added 2022/11/15 6:14 a.m.•55 views

RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...

8.1CVSS9AI score0.90407EPSS
Exploits2References15
OSV
OSV
•added 2022/11/08 12:0 a.m.•55 views

ALSA-2022:7647 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

9.8CVSS8.8AI score0.90407EPSS
Exploits2References22
OSV
OSV
•added 2022/10/27 12:0 a.m.•55 views

DLA-3164-1 python-django - security update

Bulletin has no description...

9.8CVSS6.9AI score0.73274EPSS
Exploits5
OSV
OSV
•added 2022/10/19 9:31 p.m.•55 views

RLSA-2022:7000 Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

5.3CVSS6.3AI score0.02376EPSS
Exploits0References7
Total number of security vulnerabilities5000