Lucene search
K
OsvMost viewed

908024 matches found

OSV
OSV
•added 2008/11/17 12:0 a.m.•52 views

DSA-1666-1 libxml2 - several vulnerabilities

Bulletin has no description...

10CVSS6.5AI score0.04051EPSS
Exploits1
OSV
OSV
•added 2008/09/16 12:0 a.m.•52 views

DSA-1638-1 openssh - denial of service

Bulletin has no description...

9.3CVSS8.3AI score0.44963EPSS
Exploits7
OSV
OSV
•added 2007/05/02 12:0 a.m.•52 views

DSA-1286-1 linux-2.6

Bulletin has no description...

7.8CVSS7.5AI score0.13529EPSS
Exploits8
OSV
OSV
•added 2005/09/01 12:0 a.m.•52 views

DSA-797-1 zsync - buffer overflow

Bulletin has no description...

7.5CVSS8.7AI score0.05476EPSS
Exploits3
OSV
OSV
•added 2003/06/09 12:0 a.m.•52 views

DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities

Bulletin has no description...

10CVSS5.2AI score0.73006EPSS
Exploits20
OSV
OSV
•added 2002/08/05 12:0 a.m.•52 views

DSA-143 krb5 - integer overflow

Bulletin has no description...

10CVSS9.4AI score0.58133EPSS
Exploits3
OSV
OSV
•added 2026/05/09 3:18 a.m.•51 views

CGA-Q864-P2C3-38VR

Bulletin has no description...

9.1CVSS5.7AI score0.00338EPSS
Exploits1
OSV
OSV
•added 2026/02/03 4:4 p.m.•51 views

BIT-PYTHON-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

9.8CVSS5.6AI score0.27095EPSS
Exploits3References14
OSV
OSV
•added 2026/01/29 12:43 a.m.•51 views

CGA-4CM4-PXM6-X3MP

Bulletin has no description...

9.8CVSS5.8AI score0.01812EPSS
Exploits0
OSV
OSV
•added 2025/11/14 2:45 p.m.•51 views

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

9.8CVSS7.6AI score0.08042EPSS
Exploits0References4
OSV
OSV
•added 2025/06/01 12:0 a.m.•51 views

ASB-A-303227969

In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.5AI score0.0008EPSS
Exploits0References2
OSV
OSV
•added 2025/06/01 12:0 a.m.•51 views

ASB-A-367274727

In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6.4AI score0.00262EPSS
Exploits0References2
OSV
OSV
•added 2025/04/07 12:0 p.m.•51 views

RUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

5.9AI score
Exploits0References3
OSV
OSV
•added 2025/04/01 12:0 a.m.•51 views

PUB-A-385736329

In n/a of n/a, there is a possible n/a due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.3AI score
Exploits0References1
OSV
OSV
•added 2025/01/10 1:3 p.m.•51 views

OESA-2025-1039 spark security update

Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...

5.9CVSS6.8AI score0.01468EPSS
Exploits1References2
OSV
OSV
•added 2024/12/09 6:51 a.m.•51 views

MAL-2024-11695 Malicious code in rk-pairip (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
•added 2024/11/15 6:45 p.m.•51 views

RHSA-2024:8870 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.3CVSS7.7AI score0.01483EPSS
Exploits0References212
OSV
OSV
•added 2024/10/21 10:15 p.m.•51 views

RHSA-2019:1529 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

9.1CVSS6.8AI score0.94494EPSS
Exploits3References26
OSV
OSV
•added 2024/10/02 11:24 a.m.•51 views

RHSA-2023:5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update

Bulletin has no description...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References18
OSV
OSV
•added 2024/09/30 2:52 p.m.•51 views

RHSA-2023:5485 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8

Bulletin has no description...

7.5CVSS7.7AI score0.02761EPSS
Exploits4References57
OSV
OSV
•added 2024/09/29 5:29 p.m.•51 views

RHSA-2020:2060 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 8 security update

Bulletin has no description...

8.1CVSS7.8AI score0.9927EPSS
Exploits46References82
OSV
OSV
•added 2024/09/29 5:29 p.m.•51 views

RHSA-2020:2059 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security update

Bulletin has no description...

8.1CVSS7.8AI score0.9927EPSS
Exploits46References82
OSV
OSV
•added 2024/09/16 9:2 a.m.•51 views

RHSA-2023:2458 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS7.7AI score0.03763EPSS
Exploits13References2067
OSV
OSV
•added 2024/09/14 2:10 a.m.•51 views

RHSA-2024:4312 Red Hat Security Advisory: openssh security update

Bulletin has no description...

8.1CVSS7.9AI score0.99506EPSS
Exploits68References10
OSV
OSV
•added 2024/09/10 7:42 p.m.•51 views

GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

5CVSS6.9AI score0.00511EPSS
Exploits0References5
OSV
OSV
•added 2024/09/10 6:50 p.m.•51 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

10CVSS9.4AI score0.10684EPSS
Exploits3References10
OSV
OSV
•added 2024/08/20 8:29 p.m.•51 views

GO-2023-1657 Answer has Guessable CAPTCHA in github.com/answerdev/answer

Answer has Guessable CAPTCHA in github.com/answerdev/answer...

5.3CVSS5.2AI score0.00614EPSS
Exploits1References4
OSV
OSV
•added 2024/07/23 12:0 a.m.•51 views

ALSA-2024:4720 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...

9.8CVSS8AI score0.99957EPSS
Exploits2References12
OSV
OSV
•added 2024/07/16 12:0 a.m.•51 views

DSA-5731-1 linux - security update

Bulletin has no description...

7.8CVSS7.7AI score0.00322EPSS
Exploits2
OSV
OSV
•added 2024/06/06 7:15 p.m.•51 views

PYSEC-2024-242

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

7.5CVSS7.4AI score0.21847EPSS
Exploits2References6
OSV
OSV
•added 2024/06/04 3:19 p.m.•51 views

GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker

Insecure Variable Substitution in Vela in github.com/go-vela/worker...

7.7CVSS6.7AI score0.00716EPSS
Exploits0References3
OSV
OSV
•added 2024/05/24 7:19 a.m.•51 views

BIT-GIT-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

9CVSS9.1AI score0.25334EPSS
Exploits32References9
OSV
OSV
•added 2024/03/06 10:56 a.m.•51 views

BIT-GITLAB-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...

8.1CVSS7.7AI score0.00742EPSS
Exploits1References3
OSV
OSV
•added 2024/03/06 10:56 a.m.•51 views

BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8CVSS8.8AI score0.02281EPSS
Exploits0References7
OSV
OSV
•added 2024/03/01 12:0 a.m.•51 views

ASB-A-273935108

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00126EPSS
Exploits0References2
OSV
OSV
•added 2024/02/20 12:0 a.m.•51 views

ALSA-2024:0887 Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...

7.5CVSS7.2AI score0.01208EPSS
Exploits0References6
OSV
OSV
•added 2024/02/04 8:15 p.m.•51 views

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

7.5CVSS7.3AI score
Exploits0References8
OSV
OSV
•added 2024/02/01 12:0 a.m.•51 views

ASB-A-297524203

In attpbuildreadbytypevaluecmd of attprotocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS9.6AI score0.00613EPSS
Exploits0References2
OSV
OSV
•added 2024/01/23 6:15 p.m.•51 views

PYSEC-2024-18

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8CVSS9.2AI score0.0098EPSS
Exploits1References8
OSV
OSV
•added 2024/01/12 3:15 a.m.•51 views

PYSEC-2024-10

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS9.5AI score0.00464EPSS
Exploits0References5
OSV
OSV
•added 2024/01/09 6:30 p.m.•51 views

GHSA-98G6-XH36-X2P7 Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...

8.7CVSS9.5AI score0.0118EPSS
Exploits0References3
OSV
OSV
•added 2023/11/14 12:0 a.m.•51 views

ALSA-2023:7090 Moderate: libmicrohttpd security update

GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS CVE-2023-27371 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

5.9CVSS5.9AI score0.01243EPSS
Exploits1References4
OSV
OSV
•added 2023/11/13 12:0 a.m.•51 views

DSA-5553-1 postgresql-15 - security update

Bulletin has no description...

8.8CVSS7AI score0.04322EPSS
Exploits0
OSV
OSV
•added 2023/11/11 11:0 p.m.•51 views

RLSA-2023:6077 Moderate: toolbox security update

The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References3
OSV
OSV
•added 2023/11/08 5:52 p.m.•51 views

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...

4.3CVSS5.5AI score0.00609EPSS
Exploits0References5
OSV
OSV
•added 2023/11/07 12:0 a.m.•51 views

ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

5.3CVSS6.2AI score0.014EPSS
Exploits0References6
OSV
OSV
•added 2023/11/06 7:31 a.m.•51 views

BIT-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

7.2CVSS6.3AI score0.01886EPSS
Exploits0References2Affected Software1
OSV
OSV
•added 2023/11/02 7:24 a.m.•51 views

BIT-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5CVSS6.8AI score0.01053EPSS
Exploits0References5Affected Software1
OSV
OSV
•added 2023/10/30 3:25 p.m.•51 views

GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...

5.8AI score
Exploits0References8
OSV
OSV
•added 2023/10/25 6:20 a.m.•51 views

BIT-2023-44309

Multiple stored cross-site scripting XSS vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked sourc...

9CVSS5.7AI score0.00462EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000