Lucene search
K
OsvMost viewed

907635 matches found

OSV
OSV
•added 2025/06/01 12:0 a.m.•53 views

ASB-A-386950836

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00079EPSS
Exploits0References2
OSV
OSV
•added 2024/10/02 5:7 a.m.•53 views

RHSA-2024:7001 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.8CVSS7.7AI score0.01028EPSS
Exploits2References653
OSV
OSV
•added 2024/10/02 5:6 a.m.•53 views

RHSA-2024:5101 Red Hat Security Advisory: kernel security update

Bulletin has no description...

7.8CVSS8AI score0.08555EPSS
Exploits3References863
OSV
OSV
•added 2024/09/30 4:32 p.m.•53 views

RHSA-2023:1044 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

Bulletin has no description...

9.8CVSS8.1AI score0.99615EPSS
Exploits41References147
OSV
OSV
•added 2024/09/30 2:24 a.m.•53 views

RHSA-2022:8840 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Bulletin has no description...

9.8CVSS8.9AI score0.95764EPSS
Exploits14References87
OSV
OSV
•added 2024/08/08 12:0 a.m.•53 views

ALSA-2024:5102 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure traceclockglobal to...

9.8CVSS8.7AI score0.08555EPSS
Exploits3References300
OSV
OSV
•added 2024/07/03 7:17 a.m.•53 views

BIT-APACHE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.8AI score0.99957EPSS
Exploits1References8
OSV
OSV
•added 2024/07/01 11:19 a.m.•53 views

BIT-HUBBLE-UI-BACKEND-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8CVSS8.3AI score0.00285EPSS
Exploits0References4
OSV
OSV
•added 2024/07/01 11:13 a.m.•53 views

BIT-CILIUM-PROXY-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS5.3AI score0.00217EPSS
Exploits0References6
OSV
OSV
•added 2024/05/22 12:0 a.m.•53 views

ALSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

9.8CVSS7.7AI score0.04268EPSS
Exploits5References12
OSV
OSV
•added 2024/03/14 5:12 p.m.•53 views

GO-2024-2606 SQL injection in github.com/jackc/pgproto3 and github.com/jackc/pgx

An integer overflow in the calculated message size of a query or bind message could allow a single large message to be sent as multiple messages under the attacker's control. This could lead to SQL injection if an attacker can cause a single query or bind message to exceed 4 GB in size...

9.8CVSS9.1AI score0.01109EPSS
Exploits1References5
OSV
OSV
•added 2024/03/10 5:15 a.m.•53 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...

7.5CVSS6.9AI score
Exploits0References10
OSV
OSV
•added 2024/03/06 11:7 a.m.•53 views

BIT-PYTHON-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

9.8CVSS9.7AI score0.08235EPSS
Exploits0References15
OSV
OSV
•added 2024/03/06 11:4 a.m.•53 views

BIT-PRESTASHOP-2023-30839 PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are ...

9.9CVSS9.2AI score0.01692EPSS
Exploits2References4
OSV
OSV
•added 2024/03/06 11:1 a.m.•53 views

BIT-PHP-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS8.8AI score0.08003EPSS
Exploits3References5
OSV
OSV
•added 2024/03/06 10:53 a.m.•53 views

BIT-GOLANG-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References179
OSV
OSV
•added 2024/03/06 10:51 a.m.•53 views

BIT-DOTNET-SDK-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References179
OSV
OSV
•added 2024/02/20 12:0 a.m.•53 views

ALSA-2024:0897 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: schhfsc UAF CVE-2023-4623 kernel: use-after-free in schqfq network scheduler CVE-2023-4921 kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: IGB driver inadequat...

7.8CVSS8.5AI score0.01549EPSS
Exploits3References40
OSV
OSV
•added 2023/11/14 8:39 p.m.•53 views

GHSA-C3HF-8VGX-72RH Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do...

7.6CVSS9AI score0.12512EPSS
Exploits0References5
OSV
OSV
•added 2023/11/14 8:36 p.m.•53 views

GHSA-3FX3-85R4-8J3W Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance...

6.2CVSS7.7AI score0.01085EPSS
Exploits0References5
OSV
OSV
•added 2023/11/14 12:0 a.m.•53 views

ALSA-2023:7065 Moderate: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosure CVE-2023-28708 tomcat: Fix for...

7.5CVSS7AI score0.51547EPSS
Exploits1References8
OSV
OSV
•added 2023/11/03 1:15 p.m.•53 views

CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...

9.8CVSS7.2AI score0.02409EPSS
Exploits1References12
OSV
OSV
•added 2023/11/01 7:18 a.m.•53 views

BIT-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.1AI score0.03796EPSS
Exploits0References7Affected Software1
OSV
OSV
•added 2023/10/24 6:35 p.m.•53 views

RLSA-2023:5989 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References2
OSV
OSV
•added 2023/10/17 2:37 a.m.•53 views

GHSA-7V4P-328V-8V5G Traefik vulnerable to HTTP/2 request causing denial of service

Impact A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References - CVE-2023-44487 - CVE-2023-39325 Patches - https://github.com/traefik/traefik/releases/tag/v2.10.5 -...

7.7AI score
Exploits0References3
OSV
OSV
•added 2023/10/16 12:0 a.m.•53 views

ALSA-2023:5738 Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References8
OSV
OSV
•added 2023/10/14 2:8 a.m.•53 views

RLSA-2023:5532 Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

9.8CVSS8.6AI score0.01484EPSS
Exploits1References5
OSV
OSV
•added 2023/10/02 6:39 p.m.•53 views

GO-2023-2077 Authentication bypass in github.com/sagernet/sing

Authentication bypass in github.com/sagernet/sing...

9.8CVSS9.5AI score0.00679EPSS
Exploits0References2
OSV
OSV
•added 2023/09/12 8:15 p.m.•53 views

GHSA-G4P8-G7MQ-WPX4 Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS8.5AI score0.01441EPSS
Exploits0References4
OSV
OSV
•added 2023/07/10 7:8 p.m.•53 views

GHSA-MRR8-V49W-3333 sweetalert2 contains potentially undesirable behavior

sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific tlds. This functionality is documented on the project's readme...

5.9AI score
Exploits0References6
OSV
OSV
•added 2023/06/21 12:0 a.m.•53 views

ALSA-2023:3708 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilte...

7.8CVSS7.4AI score0.12966EPSS
Exploits10References14
OSV
OSV
•added 2023/05/09 12:0 a.m.•54 views

ALSA-2023:2148 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP...

8.8CVSS9.2AI score0.03763EPSS
Exploits13References82
OSV
OSV
•added 2023/05/05 3:42 p.m.•53 views

RXSA-2023:1566 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: FUSE filesystem low-privileged user...

7.8CVSS8AI score0.0788EPSS
Exploits14References5
OSV
OSV
•added 2023/04/06 3:53 p.m.•53 views

RLSA-2023:0970 Moderate: httpd security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

7.5CVSS7.8AI score0.57941EPSS
Exploits0References4
OSV
OSV
•added 2023/01/24 8:54 p.m.•53 views

GHSA-V3CG-7R9H-R2G6 Field-level security issue with .keyword fields in OpenSearch

Advisory title: Field-level security issue with .keyword fields Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: There is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly...

5.7CVSS5.9AI score0.00821EPSS
Exploits0References4
OSV
OSV
•added 2022/12/07 6:39 p.m.•53 views

GO-2022-1114 ZipSlip when unzipping files in github.com/duke-git/lancet

A ZipSlip vulnerability exists when using the fileutil package to unzip files...

8.8CVSS7.1AI score0.00793EPSS
Exploits1References3
OSV
OSV
•added 2022/12/01 12:0 a.m.•53 views

ASB-A-201667614

In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other applications’ dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed...

6.7AI score
Exploits0References2
OSV
OSV
•added 2022/11/16 9:15 a.m.•53 views

CVE-2022-45047

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

9.8CVSS9.4AI score
Exploits0References2
OSV
OSV
•added 2022/11/09 9:15 p.m.•53 views

CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure...

5.5CVSS1.9AI score
Exploits0References6
OSV
OSV
•added 2022/11/03 7:0 p.m.•53 views

GHSA-236J-RFX5-WQ38 OpenCart SQL injection vulnerability

OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...

4.9CVSS5.2AI score0.00726EPSS
Exploits1References3
OSV
OSV
•added 2022/09/28 12:0 a.m.•53 views

DSA-5244-1 chromium - security update

Bulletin has no description...

8.8CVSS6.9AI score0.00616EPSS
Exploits8
OSV
OSV
•added 2022/09/19 12:0 p.m.•53 views

RUSTSEC-2022-0091 `tauri` filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...

2.3CVSS4.1AI score0.00421EPSS
Exploits0References3
OSV
OSV
•added 2022/09/11 12:0 a.m.•53 views

DLA-3102-1 linux-5.10 - new package

Bulletin has no description...

7.8CVSS7.5AI score0.12746EPSS
Exploits13
OSV
OSV
•added 2022/09/07 12:0 p.m.•53 views

RUSTSEC-2022-0063 Multiple vulnerabilities resulting in out-of-bounds writes

The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...

8.4CVSS9.1AI score0.00727EPSS
Exploits1References3
OSV
OSV
•added 2022/08/30 12:0 a.m.•53 views

DLA-3087-1 webkit2gtk - security update

Bulletin has no description...

8.8CVSS9AI score0.09785EPSS
Exploits0
OSV
OSV
•added 2022/07/08 12:0 a.m.•53 views

DSA-5179-1 php7.4 - security update

Bulletin has no description...

8.8CVSS8.7AI score0.5838EPSS
Exploits3
OSV
OSV
•added 2022/06/25 7:11 a.m.•53 views

GHSA-2JX3-5J9V-PRPP BlockWishList SQL Injection vulnerability

Impact An authenticated customer can perform SQL injection Patches Issue is fixed in 2.1.1...

8.1CVSS8.3AI score0.24146EPSS
Exploits6References5
OSV
OSV
•added 2022/05/26 4:15 p.m.•53 views

CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22...

7.8CVSS3.5AI score
Exploits0References9
OSV
OSV
•added 2022/05/26 2:15 p.m.•53 views

CVE-2022-1664

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...

9.8CVSS4.5AI score
Exploits0References7
OSV
OSV
•added 2022/05/25 6:9 p.m.•53 views

GHSA-CWMX-HCRQ-MHC3 Cross-domain cookie leakage in Guzzle

Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...

8CVSS7.7AI score0.01239EPSS
Exploits0References8
Total number of security vulnerabilities5000