Lucene search
K
OsvMost viewed

908024 matches found

OSV
OSV
•added 2016/11/21 12:0 a.m.•54 views

DSA-3721-1 tomcat7 - security update

Bulletin has no description...

9.1CVSS7.5AI score0.10303EPSS
Exploits5
OSV
OSV
•added 2016/06/28 12:0 a.m.•54 views

DSA-3607-1 linux - security update

Bulletin has no description...

10CVSS7.7AI score0.2593EPSS
Exploits50
OSV
OSV
•added 2015/04/24 12:0 a.m.•54 views

DSA-3235-1 openjdk-7 - security update

Bulletin has no description...

10CVSS5.7AI score0.07224EPSS
Exploits0
OSV
OSV
•added 2015/03/06 12:0 a.m.•54 views

DLA-165-1 eglibc - security update

Bulletin has no description...

7.5CVSS6.9AI score0.16665EPSS
Exploits13
OSV
OSV
•added 2015/01/15 12:0 a.m.•54 views

DSA-3128-1 linux - security update

Bulletin has no description...

6.9CVSS5.8AI score0.00588EPSS
Exploits0
OSV
OSV
•added 2014/07/24 12:0 a.m.•54 views

DSA-2989-1 apache2 - security update

Bulletin has no description...

6.8CVSS6AI score0.85744EPSS
Exploits5
OSV
OSV
•added 2013/12/12 12:0 a.m.•54 views

DSA-2816-1 php5 - several

Bulletin has no description...

7.5CVSS7.4AI score0.35635EPSS
Exploits8
OSV
OSV
•added 2009/06/28 12:0 a.m.•54 views

DSA-1845-1 linux-2.6 - several vulnerabilities

Bulletin has no description...

7.2CVSS6.5AI score0.00594EPSS
Exploits4
OSV
OSV
•added 2009/01/15 12:0 a.m.•54 views

DSA-1707-1 iceweasel - several vulnerabilities

Bulletin has no description...

10CVSS9.8AI score0.03201EPSS
Exploits1
OSV
OSV
•added 2008/07/11 12:0 a.m.•54 views

DSA-1607-1 iceweasel - several vulnerabilities

Bulletin has no description...

10CVSS6.5AI score0.13949EPSS
Exploits2
OSV
OSV
•added 2008/02/10 12:0 a.m.•54 views

DSA-1489-1 iceweasel - several vulnerabilities

Bulletin has no description...

9.3CVSS9.7AI score0.08633EPSS
Exploits5
OSV
OSV
•added 2006/08/29 12:0 a.m.•54 views

DSA-1160 mozilla - several

Bulletin has no description...

9.3CVSS6.4AI score0.0747EPSS
Exploits0
OSV
OSV
•added 2006/08/02 12:0 a.m.•54 views

DSA-1137-1 tiff - several vulnerabilities

Bulletin has no description...

7.8CVSS6.5AI score0.53046EPSS
Exploits13
OSV
OSV
•added 2005/12/14 12:0 a.m.•54 views

DSA-922-1 kernel-source-2.6.8 - several

Bulletin has no description...

7.5CVSS5.6AI score0.04626EPSS
Exploits7
OSV
OSV
•added 2004/04/14 12:0 a.m.•54 views

DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities

Bulletin has no description...

7.2CVSS6.2AI score0.02603EPSS
Exploits0
OSV
OSV
•added 2026/06/10 12:0 a.m.•53 views

ALSA-2026:25120 Critical: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781...

9.8CVSS6.5AI score0.00563EPSS
Exploits0References28
OSV
OSV
•added 2026/05/09 3:18 a.m.•53 views

CGA-Q864-P2C3-38VR

Bulletin has no description...

9.1CVSS5.7AI score0.00338EPSS
Exploits1
OSV
OSV
•added 2025/06/01 12:0 a.m.•53 views

ASB-A-386950836

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00079EPSS
Exploits0References2
OSV
OSV
•added 2025/03/25 7:38 p.m.•53 views

GO-2025-3542 LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality in github.com/mudler/LocalAI

LocalAI Cross-Site Scripting XSS vulnerability in its search functionality in github.com/mudler/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

6.1CVSS5.2AI score0.00491EPSS
Exploits1References4
OSV
OSV
•added 2024/10/02 5:7 a.m.•53 views

RHSA-2024:7001 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.8CVSS7.7AI score0.01028EPSS
Exploits2References653
OSV
OSV
•added 2024/10/02 5:6 a.m.•53 views

RHSA-2024:5101 Red Hat Security Advisory: kernel security update

Bulletin has no description...

7.8CVSS8AI score0.08555EPSS
Exploits3References863
OSV
OSV
•added 2024/09/30 4:32 p.m.•53 views

RHSA-2023:1044 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

Bulletin has no description...

9.8CVSS8.1AI score0.99615EPSS
Exploits41References147
OSV
OSV
•added 2024/09/30 2:24 a.m.•53 views

RHSA-2022:8840 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update

Bulletin has no description...

9.8CVSS8.9AI score0.95764EPSS
Exploits14References87
OSV
OSV
•added 2024/09/13 4:48 p.m.•53 views

RHEA-2019:1119 Red Hat Enhancement Advisory: rhvm-appliance security, bug fix, and enhancement update

Bulletin has no description...

5.3CVSS6.4AI score0.0657EPSS
Exploits1References11
OSV
OSV
•added 2024/08/21 3:11 p.m.•53 views

GO-2022-0517 Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd...

6.1CVSS4.7AI score0.005EPSS
Exploits0References6
OSV
OSV
•added 2024/08/20 8:29 p.m.•53 views

GO-2023-1660 Answer vulnerable to Business Logic Errors in github.com/answerdev/answer

Answer vulnerable to Business Logic Errors in github.com/answerdev/answer...

8.1CVSS5.3AI score0.0075EPSS
Exploits1References4
OSV
OSV
•added 2024/08/08 12:0 a.m.•53 views

ALSA-2024:5102 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure traceclockglobal to...

9.8CVSS8.7AI score0.08555EPSS
Exploits3References300
OSV
OSV
•added 2024/07/03 7:17 a.m.•53 views

BIT-APACHE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.8AI score0.99957EPSS
Exploits1References8
OSV
OSV
•added 2024/07/01 7:15 p.m.•53 views

CVE-2024-38474

Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...

9.8CVSS6.7AI score
Exploits0References3
OSV
OSV
•added 2024/07/01 11:19 a.m.•53 views

BIT-HUBBLE-UI-BACKEND-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

8.8CVSS8.3AI score0.00285EPSS
Exploits0References4
OSV
OSV
•added 2024/07/01 11:13 a.m.•53 views

BIT-CILIUM-PROXY-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5CVSS5.3AI score0.00217EPSS
Exploits0References6
OSV
OSV
•added 2024/06/05 3:11 p.m.•53 views

GO-2024-2777 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax

IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...

8.8CVSS9AI score0.00506EPSS
Exploits0References5
OSV
OSV
•added 2024/06/02 10:30 p.m.•53 views

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

8.1CVSS8.3AI score0.7939EPSS
Exploits1References9
OSV
OSV
•added 2024/03/14 12:0 a.m.•53 views

ALSA-2024:1334 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References6
OSV
OSV
•added 2024/03/10 5:15 a.m.•53 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...

7.5CVSS6.9AI score
Exploits0References10
OSV
OSV
•added 2024/03/06 11:7 a.m.•53 views

BIT-PYTHON-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

9.8CVSS9.7AI score0.08235EPSS
Exploits0References15
OSV
OSV
•added 2024/03/06 11:1 a.m.•53 views

BIT-PHP-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

9.8CVSS8.8AI score0.08003EPSS
Exploits3References5
OSV
OSV
•added 2024/03/06 10:53 a.m.•53 views

BIT-GOLANG-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References179
OSV
OSV
•added 2024/01/19 8:15 p.m.•53 views

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7AI score0.01703EPSS
Exploits0References5
OSV
OSV
•added 2023/12/11 10:37 p.m.•53 views

CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...

6CVSS8.6AI score0.00376EPSS
Exploits1References4
OSV
OSV
•added 2023/11/14 8:39 p.m.•53 views

GHSA-C3HF-8VGX-72RH Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do...

7.6CVSS9AI score0.12512EPSS
Exploits0References5
OSV
OSV
•added 2023/11/14 8:36 p.m.•53 views

GHSA-3FX3-85R4-8J3W Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance...

6.2CVSS7.7AI score0.01085EPSS
Exploits0References5
OSV
OSV
•added 2023/11/11 11:0 p.m.•53 views

RLSA-2023:6077 Moderate: toolbox security update

The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References3
OSV
OSV
•added 2023/11/07 12:0 a.m.•53 views

ALSA-2023:6667 Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

7.5CVSS7.1AI score0.62606EPSS
Exploits0References10
OSV
OSV
•added 2023/11/07 12:0 a.m.•53 views

ALSA-2023:6324 Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS9AI score0.27095EPSS
Exploits3References4
OSV
OSV
•added 2023/11/03 1:15 p.m.•53 views

CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...

9.8CVSS7.2AI score0.02409EPSS
Exploits1References12
OSV
OSV
•added 2023/11/01 7:18 a.m.•53 views

BIT-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.1AI score0.03796EPSS
Exploits0References7Affected Software1
OSV
OSV
•added 2023/10/19 6:17 a.m.•53 views

BIT-2023-42780

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...

6.5CVSS6.6AI score0.01071EPSS
Exploits0References2Affected Software1
OSV
OSV
•added 2023/10/19 6:17 a.m.•53 views

BIT-2023-45348

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...

4.3CVSS6.5AI score0.01232EPSS
Exploits0References2Affected Software1
OSV
OSV
•added 2023/10/17 2:37 a.m.•53 views

GHSA-7V4P-328V-8V5G Traefik vulnerable to HTTP/2 request causing denial of service

Impact A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References - CVE-2023-44487 - CVE-2023-39325 Patches - https://github.com/traefik/traefik/releases/tag/v2.10.5 -...

7.7AI score
Exploits0References3
Total number of security vulnerabilities5000