907650 matches found

OSV • added 2020/05/20 3:55 p.m. • 49 views

GHSA-GG84-QGV9-W4PQ CRLF injection in httplib2

Impact Attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. Impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping...

CVSS 6.8 • AI score 6.7 • EPSS 0.02593
Exploits 0 • References 14
OSV • added 2020/03/20 12:00 a.m. • 49 views

DSA-4643-1 python-bleach - security update

Bulletin has no description...

CVSS 6.1 • AI score 6.3 • EPSS 0.01301
Exploits 1
OSV • added 2020/02/24 10:15 p.m. • 49 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

CVSS 4.8 • AI score 6.2
Exploits 0 • References 19
OSV • added 2020/01/29 12:00 a.m. • 49 views

DLA-2085-1 zlib - security update

Bulletin has no description...

CVSS 9.8 • AI score 8.5 • EPSS 0.07489
Exploits 0
OSV • added 2020/01/27 12:00 a.m. • 49 views

DLA-2077-1 tomcat7 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.5 • EPSS 0.10687
Exploits 0
OSV • added 2020/01/16 4:15 p.m. • 49 views

CVE-2019-18282

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead of siphash is used. The hashrn...

CVSS 5.3 • AI score 6.4
Exploits 0 • References 5
OSV • added 2020/01/14 8:15 p.m. • 49 views

PYSEC-2020-175

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...

CVSS 7.8 • AI score 1.7 • EPSS 0.00689
Exploits 1 • References 1
OSV • added 2019/08/13 12:00 a.m. • 49 views

DLA-1884-1 linux - security update

Bulletin has no description...

CVSS 9.3 • AI score 6.8 • EPSS 0.05111
Exploits 9
OSV • added 2019/07/20 12:00 a.m. • 49 views

DSA-4484-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 8.3 • EPSS 0.52199
Exploits 21
OSV • added 2019/07/17 1:15 p.m. • 49 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

CVSS 7.8 • AI score 6.4 • EPSS 0.52199
Exploits 21 • References 30
OSV • added 2019/05/09 12:00 a.m. • 49 views

DLA-1781-1 qemu - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.5 • EPSS 0.04428
Exploits 0
OSV • added 2019/03/26 6:29 p.m. • 49 views

PYSEC-2019-193

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

CVSS 7.5 • AI score 2.4 • EPSS 0.00878
Exploits 0 • References 2
OSV • added 2019/02/09 12:00 a.m. • 49 views

DSA-4387-1 openssh - security update

Bulletin has no description...

CVSS 6.8 • AI score 6.3 • EPSS 0.58204
Exploits 9
OSV • added 2019/01/30 12:00 a.m. • 49 views

DLA-1651-1 libgd2 - security update

Bulletin has no description...

CVSS 9.8 • AI score 8 • EPSS 0.65116
Exploits 8
OSV • added 2019/01/11 12:00 a.m. • 49 views

DLA-1633-1 sqlite3 - security update

Bulletin has no description...

CVSS 9.8 • AI score 8.8 • EPSS 0.08609
Exploits 0
OSV • added 2018/10/16 7:54 p.m. • 49 views

GHSA-35HC-X2CW-2J4V Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 7.5 • AI score 7.4 • EPSS 0.077
Exploits 0 • References 5
OSV • added 2018/08/17 7:29 p.m. • 49 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

CVSS 5.3 • AI score 3.5
Exploits 0 • References 18
OSV • added 2018/08/02 2:29 p.m. • 49 views

CVE-2018-1336

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...

CVSS 7.5 • AI score 6.9
Exploits 0 • References 38
OSV • added 2018/07/27 12:00 a.m. • 49 views

DLA-1446-1 intel-microcode - security update

Bulletin has no description...

CVSS 5.6 • AI score 6.3 • EPSS 0.60631
Exploits 2
OSV • added 2018/07/11 1:29 p.m. • 49 views

CVE-2018-8007

Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...

CVSS 7.2 • AI score 7.9 • EPSS 0.11681
Exploits 3 • References 9
OSV • added 2018/03/29 12:00 a.m. • 49 views

DSA-4156-1 drupal7 - security update

Bulletin has no description...

CVSS 9.8 • AI score 9.9 • EPSS 0.99993
Exploits 46
OSV • added 2018/01/18 11:29 p.m. • 49 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVSS 6.1 • AI score 6.1
Exploits 0 • References 45
OSV • added 2017/12/20 9:29 a.m. • 49 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

CVSS 9.8 • AI score 9.5
Exploits 0 • References 9
OSV • added 2017/12/13 9:38 p.m. • 49 views

GHSA-8C56-CPMW-89X7 Out-of-bounds read in nokogiri

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying ...

CVSS 7.5 • AI score 6.8 • EPSS 0.04626
Exploits 1 • References 4
OSV • added 2017/10/24 6:33 p.m. • 49 views

GHSA-FHJ9-CJJH-27VM Active Record contains deserialization of arbitrary YAML

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

CVSS 10 • AI score 7.3 • EPSS 0.07497
Exploits 1 • References 12
OSV • added 2017/10/24 6:33 p.m. • 49 views

GHSA-XGR2-V94M-RC9G activesupport in Rails vulnerable to incorrect data conversion

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

CVSS 7.5 • AI score 8.2 • EPSS 0.98582
Exploits 7 • References 20
OSV • added 2017/10/06 12:00 a.m. • 49 views

DSA-3992-1 curl - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.3 • EPSS 0.08465
Exploits 0
OSV • added 2017/10/03 12:00 a.m. • 49 views

DSA-3991-1 qemu - security update

Bulletin has no description...

CVSS 8.8 • AI score 6.9 • EPSS 0.03841
Exploits 0
OSV • added 2017/09/20 5:29 p.m. • 49 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

CVSS 9.8 • AI score 8.2 • EPSS 0.99461
Exploits 23 • References 5
OSV • added 2017/07/13 1:29 p.m. • 49 views

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...

CVSS 7.5 • AI score 7.4 • EPSS 0.62597
Exploits 6 • References 7
OSV • added 2017/06/27 5:29 p.m. • 49 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 9.8 • AI score 7.8 • EPSS 0.99999
Exploits 19 • References 8
OSV • added 2017/03/08 12:00 a.m. • 49 views

DLA-849-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.1 • EPSS 0.04666
Exploits 2
OSV • added 2017/02/22 12:00 a.m. • 49 views

DSA-3791-1 linux - security update

Bulletin has no description...

CVSS 9.8 • AI score 6.9 • EPSS 0.0596
Exploits 13
OSV • added 2017/02/08 12:00 a.m. • 49 views

DSA-3783-1 php5 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.9 • EPSS 0.41943
Exploits 1
OSV • added 2017/01/19 12:00 a.m. • 49 views

DSA-3767-1 mysql-5.5 - security update

Bulletin has no description...

CVSS 6.7 • AI score 6.3 • EPSS 0.04792
Exploits 0
OSV • added 2016/12/31 12:00 a.m. • 49 views

DSA-3750-1 libphp-phpmailer - security update

Bulletin has no description...

CVSS 9.8 • AI score 9.9 • EPSS 0.99714
Exploits 58
OSV • added 2016/12/30 7:59 p.m. • 49 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

CVSS 9.8 • AI score 10 • EPSS 0.99714
Exploits 59 • References 15
OSV • added 2016/12/13 9:59 p.m. • 49 views

CVE-2016-6664

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...

CVSS 7 • AI score 6.7 • EPSS 0.04313
Exploits 18 • References 15
OSV • added 2016/10/05 12:00 a.m. • 49 views

DSA-3688-1 nss - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.7 • EPSS 0.9986
Exploits 1
OSV • added 2016/07/18 12:00 a.m. • 49 views

DLA-552-1 binutils - security update

Bulletin has no description...

CVSS 9.8 • AI score 6.4 • EPSS 0.07267
Exploits 1
OSV • added 2016/06/09 12:00 a.m. • 49 views

DLA-509-1 samba - security update

Bulletin has no description...

AI score 6.7
Exploits 0
OSV • added 2016/04/13 3:59 p.m. • 49 views

CVE-2015-8080

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox...

CVSS 7.5 • AI score 7.6
Exploits 0 • References 18
OSV • added 2016/02/25 12:00 a.m. • 49 views

DLA-432-1 postgresql-8.4 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.7 • EPSS 0.06948
Exploits 0
OSV • added 2015/12/17 12:00 a.m. • 49 views

DSA-3426-1 linux - security update

Bulletin has no description...

CVSS 10 • AI score 7.4 • EPSS 0.02501
Exploits 3
OSV • added 2015/08/01 12:00 a.m. • 49 views

DSA-3323-1 icu - security update

Bulletin has no description...

CVSS 10 • AI score 7.4 • EPSS 0.2447
Exploits 4
OSV • added 2015/07/26 12:00 a.m. • 49 views

DSA-3318-1 expat - security update

Bulletin has no description...

CVSS 6.8 • AI score 7.9 • EPSS 0.19069
Exploits 0
OSV • added 2015/03/20 12:00 a.m. • 49 views

DLA-177-1 openssl - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.8 • EPSS 0.44503
Exploits 1
OSV • added 2014/10/16 12:00 a.m. • 49 views

DSA-3053-1 openssl - security update

Bulletin has no description...

CVSS 7.1 • AI score 4.8 • EPSS 0.37072
Exploits 0
OSV • added 2014/09/29 12:00 a.m. • 49 views

DLA-67-1 php5 - security update

Bulletin has no description...

CVSS 6.8 • AI score 7.6 • EPSS 0.20237
Exploits 2
OSV • added 2014/09/26 12:00 a.m. • 49 views

DLA-63-1 bash - security update

Bulletin has no description...

CVSS 10 • AI score 7.6 • EPSS 0.9994
Exploits 19

Total number of security vulnerabilities: 5000