OSV: Most viewed

907959 matches found

OSV • added 2022/02/09 12:56 a.m. • 53 views

GHSA-52RG-HPWQ-QP56 Allocation of Resources Without Limits or Throttling in Keycloak

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body...

CVSS 7.5 • AI score 7.3 • EPSS 0.02242 • Exploits 0 • References 3

OSV • added 2021/11/23 12:0 a.m. • 53 views

DSA-5012-1 openjdk-17 - security update

Bulletin has no description...

CVSS 6.8 • AI score 6.4 • EPSS 0.14839 • Exploits 0

OSV • added 2021/10/26 2:15 p.m. • 53 views

CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...

CVSS 7.5 • AI score 1.6 • Exploits 0 • References 3

OSV • added 2021/10/04 5:15 p.m. • 53 views

CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

CVSS 7.8 • AI score 7.6 • Exploits 0 • References 7

OSV • added 2021/10/01 12:0 a.m. • 53 views

DSA-4979-1 mediawiki - security update

Bulletin has no description...

CVSS 8.8 • AI score 6.3 • EPSS 0.01943 • Exploits 2

OSV • added 2021/09/08 5:42 p.m. • 53 views

GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

CVSS 8.2 • AI score 8.2 • EPSS 0.02322 • Exploits 0 • References 5

OSV • added 2021/08/09 8:44 p.m. • 53 views

GHSA-F865-M6CQ-J9VX ReDOS in Mpmath

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

CVSS 8.7 • AI score 7.3 • EPSS 0.041 • Exploits 1 • References 17

OSV • added 2021/07/25 12:0 a.m. • 53 views

DSA-4944-1 krb5 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.4 • EPSS 0.10276 • Exploits 0

OSV • added 2021/06/01 12:0 a.m. • 53 views

DSA-4924-1 squid - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.7 • EPSS 0.95785 • Exploits 5

OSV • added 2021/05/28 12:0 a.m. • 53 views

DSA-4921-1 nginx - security update

Bulletin has no description...

CVSS 7.7 • AI score 6.5 • EPSS 0.52838 • Exploits 10

OSV • added 2021/05/13 12:0 a.m. • 53 views

DSA-4915-1 postgresql-11 - security update

Bulletin has no description...

CVSS 8.8 • AI score 7.8 • EPSS 0.0199 • Exploits 0

OSV • added 2021/04/14 8:4 p.m. • 53 views

GO-2020-0016 Infinite loop in github.com/ulikunitz/xz

An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user supplied input, this may be used as a denial of service vector...

CVSS 7.5 • AI score 7.2 • EPSS 0.01438 • Exploits 0 • References 2

OSV • added 2021/02/08 12:0 a.m. • 53 views

DSA-4848-1 golang-1.11 - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.2 • EPSS 0.0473 • Exploits 0

OSV • added 2021/01/31 12:0 a.m. • 53 views

DLA-2538-1 mariadb-10.1 - security update

Bulletin has no description...

CVSS 6.8 • AI score 6.5 • EPSS 0.03012 • Exploits 0

OSV • added 2020/12/16 11:15 a.m. • 53 views

CVE-2020-28458

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...

CVSS 7.3 • AI score 7.2 • Exploits 0 • References 7

OSV • added 2020/12/01 12:0 a.m. • 53 views

ASB-A-160265164

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 9.3 • AI score 8 • EPSS 0.0146 • Exploits 0 • References 3

OSV • added 2020/09/23 9:15 p.m. • 53 views

CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

CVSS 7.8 • AI score 3.3 • Exploits 0 • References 7

OSV • added 2020/07/06 12:0 a.m. • 53 views

DSA-4719-1 php7.3 - security update

Bulletin has no description...

CVSS 8.8 • AI score 6.6 • EPSS 0.06264 • Exploits 7

OSV • added 2020/02/28 4:53 p.m. • 53 views

GHSA-84J7-475P-HP8V HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

CVSS 6.5 • AI score 6.6 • EPSS 0.04569 • Exploits 0 • References 11

OSV • added 2020/02/17 12:0 a.m. • 53 views

DSA-4627-1 webkit2gtk - security update

Bulletin has no description...

CVSS 9.3 • AI score 7.6 • EPSS 0.02633 • Exploits 0

OSV • added 2020/02/17 12:0 a.m. • 53 views

DSA-4626-1 php7.3 - security update

Bulletin has no description...

CVSS 9.1 • AI score 7.5 • EPSS 0.08888 • Exploits 5

OSV • added 2020/02/12 12:0 a.m. • 53 views

DSA-4621-1 openjdk-8 - security update

Bulletin has no description...

CVSS 8.1 • AI score 6.8 • EPSS 0.04903 • Exploits 0

OSV • added 2020/01/17 12:0 a.m. • 53 views

DSA-4603-1 thunderbird - security update

Bulletin has no description...

CVSS 8.8 • AI score 7.7 • EPSS 0.46589 • Exploits 8

OSV • added 2019/04/27 12:0 p.m. • 53 views

RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

CVSS 7.5 • AI score 7.5 • EPSS 0.01411 • Exploits 0 • References 3

OSV • added 2019/04/03 12:0 a.m. • 53 views

DSA-4422-1 apache2 - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.2 • EPSS 0.65005 • Exploits 8

OSV • added 2019/03/24 12:0 a.m. • 53 views

DLA-1725-1 rsync - security update

Bulletin has no description...

CVSS 9.8 • AI score 8.4 • EPSS 0.07489 • Exploits 0

OSV • added 2019/01/31 6:29 p.m. • 53 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...

CVSS 5.9 • AI score 1.7 • Exploits 0 • References 23

OSV • added 2018/12/19 12:0 a.m. • 53 views

DSA-4355-1 openssl1.0 - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.8 • EPSS 0.49268 • Exploits 4

OSV • added 2018/12/10 12:0 a.m. • 53 views

DSA-4353-1 php7.0 - security update

Bulletin has no description...

CVSS 8.5 • AI score 7 • EPSS 0.9523 • Exploits 9

OSV • added 2018/08/29 12:0 a.m. • 53 views

DSA-4281-1 tomcat8 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.2 • EPSS 0.213 • Exploits 2

OSV • added 2018/02/22 12:0 a.m. • 53 views

DSA-4120-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 6.8 • EPSS 0.84172 • Exploits 3

OSV • added 2017/08/25 12:0 a.m. • 53 views

DSA-3954-1 openjdk-7 - security update

Bulletin has no description...

CVSS 9.6 • AI score 7.3 • EPSS 0.05034 • Exploits 0

OSV • added 2016/05/19 12:0 a.m. • 53 views

DLA-483-1 expat - security update

Bulletin has no description...

CVSS 9.8 • AI score 8 • EPSS 0.13335 • Exploits 3

OSV • added 2015/03/06 12:0 a.m. • 53 views

DLA-165-1 eglibc - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.9 • EPSS 0.16665 • Exploits 13

OSV • added 2015/01/15 12:0 a.m. • 53 views

DSA-3128-1 linux - security update

Bulletin has no description...

CVSS 6.9 • AI score 5.8 • EPSS 0.00588 • Exploits 0

OSV • added 2014/07/24 12:0 a.m. • 53 views

DSA-2989-1 apache2 - security update

Bulletin has no description...

CVSS 6.8 • AI score 6 • EPSS 0.85744 • Exploits 5

OSV • added 2014/05/16 12:0 a.m. • 53 views

DSA-2929-1 ruby-actionpack-3.2 - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.8 • EPSS 0.53703 • Exploits 2

OSV • added 2013/02/25 12:0 a.m. • 53 views

DSA-2632-1 linux-2.6 - several vulnerabilities

Bulletin has no description...

CVSS 6.9 • AI score 6.7 • EPSS 0.01434 • Exploits 2

OSV • added 2011/06/18 12:0 a.m. • 53 views

DSA-2264-1 linux-2.6 - several issues

Bulletin has no description...

CVSS 9.8 • AI score 7 • EPSS 0.04177 • Exploits 23

OSV • added 2011/03/19 12:0 a.m. • 53 views

DSA-2195-1 php5 - several

Bulletin has no description...

CVSS 6.8 • AI score 7 • EPSS 0.13333 • Exploits 10

OSV • added 2009/08/13 12:0 a.m. • 53 views

DSA-1861-1 libxml - several issues

Bulletin has no description...

CVSS 6.5 • AI score 6.9 • EPSS 0.03121 • Exploits 2

OSV • added 2009/01/15 12:0 a.m. • 53 views

DSA-1707-1 iceweasel - several vulnerabilities

Bulletin has no description...

CVSS 10 • AI score 9.8 • EPSS 0.03201 • Exploits 1

OSV • added 2009/01/14 12:0 a.m. • 53 views

DSA-1704-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 10 • AI score 9.8 • EPSS 0.03201 • Exploits 1

OSV • added 2008/07/11 12:0 a.m. • 53 views

DSA-1607-1 iceweasel - several vulnerabilities

Bulletin has no description...

CVSS 10 • AI score 6.5 • EPSS 0.13949 • Exploits 2

OSV • added 2008/07/08 12:0 a.m. • 53 views

DSA-1603-1 bind9 - cache poisoning

Bulletin has no description...

CVSS 6.8 • AI score 6.9 • EPSS 0.95182 • Exploits 20

OSV • added 2008/06/09 12:0 a.m. • 53 views

DSA-1592-1 linux-2.6 - overflow conditions

Bulletin has no description...

CVSS 10 • AI score 6.2 • EPSS 0.07091 • Exploits 3

OSV • added 2007/10/20 12:0 a.m. • 53 views

DSA-1392-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 9.3 • AI score 6.4 • EPSS 0.12736 • Exploits 4

OSV • added 2005/12/14 12:0 a.m. • 53 views

DSA-921-1 kernel-source-2.4.27 - several

Bulletin has no description...

CVSS 7.5 • AI score 6.2 • EPSS 0.04626 • Exploits 4

OSV • added 2004/12/10 12:0 a.m. • 53 views

DSA-607-1 xfree86 - several

Bulletin has no description...

CVSS 10 • AI score 6.1 • EPSS 0.08698 • Exploits 0

OSV • added 2004/04/16 12:0 a.m. • 53 views

DSA-486 cvs - several vulnerabilities

Bulletin has no description...

CVSS 5 • AI score 6 • EPSS 0.02354 • Exploits 0

Total number of security vulnerabilities: 5000