Lucene search
K
OsvMost viewed

921352 matches found

OSV
OSV
•added 2011/08/29 12:0 a.m.•52 views

DSA-2298-1 apache2 - denial of service

Bulletin has no description...

7.8CVSS6.1AI score0.98945EPSS
Exploits17
OSV
OSV
•added 2011/05/10 12:0 a.m.•52 views

DSA-2235-1 icedove - several

Bulletin has no description...

10CVSS9.7AI score0.73655EPSS
Exploits19
OSV
OSV
•added 2008/11/17 12:0 a.m.•52 views

DSA-1666-1 libxml2 - several vulnerabilities

Bulletin has no description...

10CVSS6.5AI score0.04051EPSS
Exploits1
OSV
OSV
•added 2008/09/16 12:0 a.m.•52 views

DSA-1638-1 openssh - denial of service

Bulletin has no description...

9.3CVSS8.3AI score0.44963EPSS
Exploits7
OSV
OSV
•added 2008/09/11 12:0 a.m.•52 views

DSA-1636-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

9.3CVSS6AI score0.04353EPSS
Exploits12
OSV
OSV
•added 2007/05/02 12:0 a.m.•52 views

DSA-1286-1 linux-2.6

Bulletin has no description...

7.8CVSS7.5AI score0.13529EPSS
Exploits8
OSV
OSV
•added 2005/09/01 12:0 a.m.•52 views

DSA-797-1 zsync - buffer overflow

Bulletin has no description...

7.5CVSS8.7AI score0.05476EPSS
Exploits3
OSV
OSV
•added 2003/06/09 12:0 a.m.•52 views

DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities

Bulletin has no description...

10CVSS5.2AI score0.73006EPSS
Exploits20
OSV
OSV
•added 2002/08/05 12:0 a.m.•52 views

DSA-143 krb5 - integer overflow

Bulletin has no description...

10CVSS9.4AI score0.58133EPSS
Exploits3
OSV
OSV
•added 2026/01/29 12:43 a.m.•51 views

CGA-4CM4-PXM6-X3MP

Bulletin has no description...

9.8CVSS5.8AI score0.01812EPSS
Exploits0
OSV
OSV
•added 2025/11/14 2:45 p.m.•51 views

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

9.8CVSS7.6AI score0.08042EPSS
Exploits0References4
OSV
OSV
•added 2025/10/29 3:38 p.m.•51 views

GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover

Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...

7.3CVSS5.9AI score
Exploits0References2
OSV
OSV
•added 2025/06/01 12:0 a.m.•51 views

ASB-A-367274727

In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS6.4AI score0.00262EPSS
Exploits0References2
OSV
OSV
•added 2025/06/01 12:0 a.m.•51 views

ASB-A-303227969

In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.5AI score0.0008EPSS
Exploits0References2
OSV
OSV
•added 2025/01/10 1:3 p.m.•51 views

OESA-2025-1039 spark security update

Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...

5.9CVSS6.8AI score0.01468EPSS
Exploits1References2
OSV
OSV
•added 2024/12/09 6:51 a.m.•51 views

MAL-2024-11695 Malicious code in rk-pairip (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
•added 2024/11/15 6:45 p.m.•51 views

RHSA-2024:8870 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.3CVSS7.7AI score0.01483EPSS
Exploits0References212
OSV
OSV
•added 2024/10/21 10:15 p.m.•51 views

RHSA-2019:1529 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

9.1CVSS6.8AI score0.94494EPSS
Exploits3References26
OSV
OSV
•added 2024/10/02 11:24 a.m.•51 views

RHSA-2023:5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update

Bulletin has no description...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References18
OSV
OSV
•added 2024/10/02 12:13 a.m.•51 views

RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Bulletin has no description...

8.2CVSS8.6AI score0.05623EPSS
Exploits1References84
OSV
OSV
•added 2024/09/29 5:29 p.m.•51 views

RHSA-2020:2059 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security update

Bulletin has no description...

8.1CVSS7.8AI score0.9927EPSS
Exploits46References82
OSV
OSV
•added 2024/09/16 9:2 a.m.•51 views

RHSA-2023:2458 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS7.7AI score0.03763EPSS
Exploits14References2067
OSV
OSV
•added 2024/09/14 2:10 a.m.•51 views

RHSA-2024:4312 Red Hat Security Advisory: openssh security update

Bulletin has no description...

8.1CVSS7.9AI score0.99506EPSS
Exploits68References10
OSV
OSV
•added 2024/09/10 6:50 p.m.•51 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

10CVSS9.4AI score0.10684EPSS
Exploits3References10
OSV
OSV
•added 2024/08/22 12:0 p.m.•51 views

RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

2.5CVSS4.8AI score0.00198EPSS
Exploits0References6
OSV
OSV
•added 2024/08/20 8:29 p.m.•51 views

GO-2023-1657 Answer has Guessable CAPTCHA in github.com/answerdev/answer

Answer has Guessable CAPTCHA in github.com/answerdev/answer...

5.3CVSS5.2AI score0.00614EPSS
Exploits1References4
OSV
OSV
•added 2024/08/20 8:29 p.m.•51 views

GO-2023-1617 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer

Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...

8.8CVSS5.2AI score0.0062EPSS
Exploits1References4
OSV
OSV
•added 2024/07/31 7:57 p.m.•51 views

GHSA-55P7-V223-X366 IdentityServer Open Redirect vulnerability

Impact It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Affected Methods - In the...

5.1CVSS4.6AI score0.00504EPSS
Exploits0References4
OSV
OSV
•added 2024/07/23 12:0 a.m.•51 views

ALSA-2024:4720 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...

9.8CVSS8AI score0.99957EPSS
Exploits2References12
OSV
OSV
•added 2024/06/04 3:19 p.m.•51 views

GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker

Insecure Variable Substitution in Vela in github.com/go-vela/worker...

7.7CVSS6.7AI score0.00716EPSS
Exploits0References3
OSV
OSV
•added 2024/03/19 8:6 p.m.•51 views

GHSA-PMF3-C36M-G5CF Container escape at build time

Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind cat...

8.6CVSS8.7AI score0.0049EPSS
Exploits0References7
OSV
OSV
•added 2024/03/06 10:56 a.m.•51 views

BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8CVSS8.8AI score0.02281EPSS
Exploits0References7
OSV
OSV
•added 2024/03/01 12:0 a.m.•51 views

ASB-A-273935108

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.6AI score0.00126EPSS
Exploits0References2
OSV
OSV
•added 2024/02/20 12:0 a.m.•51 views

ALSA-2024:0887 Moderate: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...

7.5CVSS7.2AI score0.01208EPSS
Exploits0References6
OSV
OSV
•added 2024/02/04 12:0 a.m.•51 views

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

7.5CVSS7.3AI score0.01815EPSS
Exploits1References10
OSV
OSV
•added 2024/02/03 12:47 a.m.•51 views

GHSA-VH55-786G-WJWJ .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NE...

5.9CVSS5.7AI score0.0192EPSS
Exploits0References6
OSV
OSV
•added 2024/02/01 12:0 a.m.•51 views

ALSA-2024:0647 Moderate: rpm security update

The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References8
OSV
OSV
•added 2024/01/30 12:0 a.m.•51 views

ALSA-2024:0606 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...

6.5CVSS7.3AI score0.93305EPSS
Exploits12References6
OSV
OSV
•added 2024/01/23 6:15 p.m.•51 views

PYSEC-2024-18

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8CVSS9.2AI score0.0098EPSS
Exploits1References8
OSV
OSV
•added 2024/01/12 3:15 a.m.•51 views

PYSEC-2024-10

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS9.5AI score0.00464EPSS
Exploits0References5
OSV
OSV
•added 2024/01/09 6:30 p.m.•51 views

GHSA-98G6-XH36-X2P7 Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...

8.7CVSS9.5AI score0.0118EPSS
Exploits0References3
OSV
OSV
•added 2023/12/01 12:0 a.m.•51 views

ASB-A-275626001

In a2dpvendoropusdecoderdecodepacket of a2dpvendoropusdecoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS9.5AI score0.00524EPSS
Exploits0References2
OSV
OSV
•added 2023/11/14 12:0 a.m.•51 views

ALSA-2023:7090 Moderate: libmicrohttpd security update

GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS CVE-2023-27371 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

5.9CVSS5.9AI score0.01243EPSS
Exploits1References4
OSV
OSV
•added 2023/11/13 12:0 a.m.•51 views

DSA-5553-1 postgresql-15 - security update

Bulletin has no description...

8.8CVSS7AI score0.04322EPSS
Exploits0
OSV
OSV
•added 2023/11/07 12:0 a.m.•51 views

ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...

9.8CVSS8.2AI score0.04561EPSS
Exploits1References28
OSV
OSV
•added 2023/11/07 12:0 a.m.•51 views

ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...

5.3CVSS6.2AI score0.014EPSS
Exploits0References6
OSV
OSV
•added 2023/10/30 3:25 p.m.•51 views

GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...

5.8AI score
Exploits0References8
OSV
OSV
•added 2023/10/19 4:8 p.m.•51 views

GHSA-R344-XW3P-2FRJ Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...

7.5CVSS7.5AI score0.00726EPSS
Exploits0References6
OSV
OSV
•added 2023/10/18 12:0 a.m.•51 views

ALSA-2023:5849 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...

7.5CVSS8.6AI score0.99999EPSS
Exploits19References10
OSV
OSV
•added 2023/10/17 2:21 p.m.•51 views

GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

10CVSS8.3AI score
Exploits0References4
Total number of security vulnerabilities5000