OSV, most viewed

907959 matches found

OSV
•added 2020/10/07 3:15 p.m.•52 views

CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

CVSS 6.6 | AI score 4.6
Exploits: 0 | References: 9

OSV
•added 2020/09/01 12:0 a.m.•52 views

ASB-A-150156492

In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.7 | AI score 5.4 | EPSS 0.00333
Exploits: 0 | References: 2

OSV
•added 2020/06/15 7:57 p.m.•52 views

GHSA-XXGP-PCFC-3VGC Privilege Escalation in Hibernate Validator

In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege...

CVSS 7 | AI score 7.7 | EPSS 0.00482
Exploits: 0 | References: 23

OSV
•added 2020/06/15 6:51 p.m.•52 views

GHSA-VMQM-G3VH-847M Denial of service in Apache Xerces2

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions...

CVSS 7.5 | AI score 7.1 | EPSS 0.17461
Exploits: 0 | References: 20

OSV
•added 2020/05/08 6:54 p.m.•52 views

GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...

CVSS 9 | AI score 8.5 | EPSS 0.00771
Exploits: 0 | References: 3

OSV
•added 2020/03/26 12:0 a.m.•52 views

DLA-2160-1 php5 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.0351
Exploits: 2

OSV
•added 2020/03/05 10:9 p.m.•52 views

GHSA-58MJ-PW57-4VM2 Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it i...

CVSS 6.1 | AI score 6.2 | EPSS 0.024
Exploits: 1 | References: 8

OSV
•added 2019/12/06 12:0 a.m.•52 views

DSA-4579-1 nss - security update

Bulletin has no description...

CVSS 8.8 | AI score 7.8 | EPSS 0.02994
Exploits: 1

OSV
•added 2019/11/19 6:15 p.m.•52 views

CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...

CVSS 7.3 | AI score 7.1 | EPSS 0.03212
Exploits: 1 | References: 7

OSV
•added 2019/10/06 12:0 a.m.•52 views

DSA-4542-1 jackson-databind - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.9 | EPSS 0.10763
Exploits: 1

OSV
•added 2019/09/25 12:0 a.m.•52 views

DSA-4531-1 linux - security update

Bulletin has no description...

CVSS 8.8 | AI score 7.5 | EPSS 0.00763
Exploits: 2

OSV
•added 2019/09/09 12:0 a.m.•52 views

DSA-4520-1 trafficserver - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.2 | EPSS 0.87806
Exploits: 1

OSV
•added 2019/08/15 5:31 p.m.•52 views

ALSA-2019:2511 Important: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql 8.0.17. Security Fixes: mysql: Server: Replication multiple unspecified vulnerabilities...

CVSS 7.1 | AI score 7.8 | EPSS 0.04457
Exploits: 0 | References: 100

OSV
•added 2019/05/10 12:0 a.m.•52 views

DLA-1782-1 openjdk-7 - security update

Bulletin has no description...

CVSS 8.1 | AI score 7.3 | EPSS 0.37618
Exploits: 1

OSV
•added 2019/04/15 3:29 p.m.•52 views

CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

CVSS 8.1 | AI score 7.3 | EPSS 0.99652
Exploits: 9 | References: 32

OSV
•added 2019/03/30 12:0 a.m.•52 views

DSA-4420-1 thunderbird - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.9 | EPSS 0.19762
Exploits: 11

OSV
•added 2019/01/17 1:57 p.m.•52 views

GHSA-PH58-4VRJ-W6HR bootstrap Cross-site Scripting vulnerability

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...

CVSS 6.1 | AI score 6.2 | EPSS 0.03984
Exploits: 1 | References: 18

OSV
•added 2019/01/09 5:29 a.m.•52 views

CVE-2018-20677

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 14

OSV
•added 2018/12/11 5:29 p.m.•52 views

PYSEC-2018-32

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

CVSS 9.8 | AI score 2.9 | EPSS 0.04488
Exploits: 0 | References: 11

OSV
•added 2018/11/07 12:0 a.m.•52 views

DLA-1570-1 mariadb-10.0 - security update

Bulletin has no description...

CVSS 6.5 | AI score 6.6 | EPSS 0.03968
Exploits: 0

OSV
•added 2018/09/06 12:0 a.m.•52 views

DLA-1497-1 qemu - security update

Bulletin has no description...

CVSS 10 | AI score 7.8 | EPSS 0.74041
Exploits: 12

OSV
•added 2018/09/02 12:0 a.m.•52 views

DLA-1491-1 tomcat8 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.9 | EPSS 0.213
Exploits: 0

OSV
•added 2018/07/31 12:0 a.m.•52 views

DSA-4259-1 ruby2.3 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.4 | EPSS 0.73927
Exploits: 6

OSV
•added 2018/02/19 7:29 p.m.•52 views

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not...

CVSS 9.8 | AI score 6.5
Exploits: 0 | References: 8

OSV
•added 2018/01/25 4:29 p.m.•52 views

CVE-2017-15365

sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statemen...

CVSS 8.8 | AI score 9.4
Exploits: 0 | References: 9

OSV
•added 2017/11/03 12:0 a.m.•52 views

DSA-4017-1 openssl1.0 - security update

Bulletin has no description...

CVSS 6.5 | AI score 6.9 | EPSS 0.17699
Exploits: 0

OSV
•added 2017/10/20 12:0 a.m.•52 views

DSA-4005-1 openjfx - security update

Bulletin has no description...

CVSS 9.6 | AI score 8.8 | EPSS 0.0229
Exploits: 0

OSV
•added 2017/09/21 12:0 a.m.•52 views

DLA-1102-1 apache2 - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.7 | EPSS 0.94999
Exploits: 9

OSV
•added 2017/06/22 12:0 a.m.•52 views

DLA-999-1 openvpn - security update

Bulletin has no description...

CVSS 7.4 | AI score 7.5 | EPSS 0.0338
Exploits: 0

OSV
•added 2017/05/30 6:29 p.m.•52 views

CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...

CVSS 9.8 | AI score 8.1 | EPSS 0.99448
Exploits: 24 | References: 17

OSV
•added 2017/01/27 5:59 p.m.•52 views

CVE-2016-1551

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip...

CVSS 3.7 | AI score 6.3 | EPSS 0.02233
Exploits: 1 | References: 7

OSV
•added 2016/07/04 12:0 a.m.•52 views

DSA-3616-1 linux - security update

Bulletin has no description...

CVSS 7.8 | AI score 6.5 | EPSS 0.00462
Exploits: 0

OSV
•added 2016/01/02 12:0 a.m.•52 views

DSA-3433-1 samba - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.5 | EPSS 0.13584
Exploits: 1

OSV
•added 2015/06/13 12:0 a.m.•52 views

DSA-3287-1 openssl - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.7 | EPSS 0.9986
Exploits: 2

OSV
•added 2015/05/02 12:0 a.m.•52 views

DSA-3245-1 ruby1.8 - security update

Bulletin has no description...

CVSS 5.9 | AI score 6 | EPSS 0.02815
Exploits: 0

OSV
•added 2014/12/09 12:0 a.m.•52 views

DLA-103-1 linux-2.6 - security update

Bulletin has no description...

CVSS 7.1 | AI score 6.9 | EPSS 0.05794
Exploits: 11

OSV
•added 2014/11/28 12:0 a.m.•52 views

DLA-96-1 openjdk-6 - security update

Bulletin has no description...

CVSS 9.3 | AI score 5 | EPSS 0.06118
Exploits: 0

OSV
•added 2014/11/25 12:0 a.m.•52 views

DLA-94-1 php5 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.8 | EPSS 0.28862
Exploits: 3

OSV
•added 2014/07/31 12:0 a.m.•52 views

DLA-27-1 file - security update

Bulletin has no description...

CVSS 6.5 | AI score 7.8 | EPSS 0.20805
Exploits: 1

OSV
•added 2013/10/10 12:0 a.m.•52 views

DSA-2774-1 gnupg2 - several

Bulletin has no description...

CVSS 5.8 | AI score 7.8 | EPSS 0.0503
Exploits: 0

OSV
•added 2012/05/09 12:0 a.m.•52 views

DSA-2465-1 php5 - several

Bulletin has no description...

CVSS 9.8 | AI score 10 | EPSS 0.99998
Exploits: 44

OSV
•added 2011/11/09 12:0 a.m.•52 views

DSA-2342-1 iceape - several

Bulletin has no description...

CVSS 9.3 | AI score 9.6 | EPSS 0.0233
Exploits: 0

OSV
•added 2011/11/05 12:0 a.m.•52 views

DSA-2336-1 ffmpeg - several

Bulletin has no description...

CVSS 9.3 | AI score 9.3 | EPSS 0.05846
Exploits: 0

OSV
•added 2011/08/29 12:0 a.m.•52 views

DSA-2298-1 apache2 - denial of service

Bulletin has no description...

CVSS 7.8 | AI score 6.1 | EPSS 0.98945
Exploits: 17

OSV
•added 2008/11/17 12:0 a.m.•52 views

DSA-1666-1 libxml2 - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 6.5 | EPSS 0.04051
Exploits: 1

OSV
•added 2008/09/16 12:0 a.m.•52 views

DSA-1638-1 openssh - denial of service

Bulletin has no description...

CVSS 9.3 | AI score 8.3 | EPSS 0.44963
Exploits: 7

OSV
•added 2007/05/02 12:0 a.m.•52 views

DSA-1286-1 linux-2.6

Bulletin has no description...

CVSS 7.8 | AI score 7.5 | EPSS 0.13529
Exploits: 8

OSV
•added 2005/09/01 12:0 a.m.•52 views

DSA-797-1 zsync - buffer overflow

Bulletin has no description...

CVSS 7.5 | AI score 8.7 | EPSS 0.05476
Exploits: 3

OSV
•added 2003/06/09 12:0 a.m.•52 views

DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 5.2 | EPSS 0.73006
Exploits: 20

OSV
•added 2002/08/05 12:0 a.m.•52 views

DSA-143 krb5 - integer overflow

Bulletin has no description...

CVSS 10 | AI score 9.4 | EPSS 0.58133
Exploits: 3

Total number of security vulnerabilities: 5000