Lucene search
K
OsvMost viewed

910818 matches found

OSV
OSV
•added 2021/06/10 7:15 a.m.•50 views

CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

7.3CVSS6.9AI score
Exploits0References12
OSV
OSV
•added 2021/03/27 12:0 a.m.•50 views

DSA-4877-1 webkit2gtk - security update

Bulletin has no description...

9.8CVSS7.2AI score0.14542EPSS
Exploits1
OSV
OSV
•added 2021/03/25 12:0 a.m.•50 views

DSA-4876-1 thunderbird - security update

Bulletin has no description...

9.8CVSS7.8AI score0.01404EPSS
Exploits2
OSV
OSV
•added 2021/02/17 12:0 a.m.•50 views

DSA-4856-1 php7.3 - security update

Bulletin has no description...

7.5CVSS6.2AI score0.05029EPSS
Exploits3
OSV
OSV
•added 2021/02/11 8:42 p.m.•50 views

GHSA-X5R2-HJ5C-8JX6 SSRF in adminer

Impact Users of Adminer versions bundling all drivers e.g. adminer.php are affected. Patches Patched by ccd2374b, included in version 4.7.9. Workarounds Use a single driver version e.g. adminer-mysql.php. Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or...

7.2CVSS6.8AI score0.90461EPSS
Exploits3References9
OSV
OSV
•added 2021/01/01 12:0 a.m.•50 views

ASB-A-171232105

In LoadSBitPng of pngshim.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

9.6CVSS8.7AI score0.5063EPSS
Exploits2References2
OSV
OSV
•added 2020/11/18 12:0 a.m.•50 views

DLA-2456-1 python3.5 - security update

Bulletin has no description...

7.5CVSS7.2AI score0.0642EPSS
Exploits1
OSV
OSV
•added 2020/11/09 1:15 a.m.•50 views

CVE-2020-24400

Magento versions 2.4.0 and 2.3.5 and earlier are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database...

7.1CVSS6.7AI score0.02273EPSS
Exploits0References1
OSV
OSV
•added 2020/11/03 12:24 p.m.•50 views

RLSA-2020:4659 Moderate: gd security update

GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fixes: gd: Heap-based buffer overflow in gdImageColorMatch in gdcolormatch.c CVE-2019-6977 gd: NULL pointer dereference in...

7.4CVSS8.7AI score0.65116EPSS
Exploits7References4
OSV
OSV
•added 2020/10/29 12:0 a.m.•50 views

DLA-2420-1 linux - security update

Bulletin has no description...

8.8CVSS7.9AI score0.07693EPSS
Exploits13
OSV
OSV
•added 2020/10/14 12:0 a.m.•50 views

DLA-2407-1 tomcat8 - security update

Bulletin has no description...

4.3CVSS5AI score0.57286EPSS
Exploits0
OSV
OSV
•added 2020/08/07 4:15 p.m.•50 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS6.7AI score0.58716EPSS
Exploits2References26
OSV
OSV
•added 2020/07/24 12:0 a.m.•50 views

DSA-4733-1 qemu - security update

Bulletin has no description...

6.8CVSS6.8AI score0.02486EPSS
Exploits0
OSV
OSV
•added 2020/06/03 12:0 a.m.•50 views

DSA-4695-1 firefox-esr - security update

Bulletin has no description...

9.3CVSS7AI score0.01537EPSS
Exploits1
OSV
OSV
•added 2020/02/24 7:12 p.m.•50 views

GHSA-7553-JR98-VX47 libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri...

7.5CVSS7.7AI score0.07836EPSS
Exploits0References19
OSV
OSV
•added 2020/02/10 8:15 a.m.•50 views

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS6.3AI score
Exploits0References14
OSV
OSV
•added 2020/01/27 12:0 a.m.•50 views

DLA-2077-1 tomcat7 - security update

Bulletin has no description...

7.5CVSS7.5AI score0.10687EPSS
Exploits0
OSV
OSV
•added 2020/01/16 4:15 p.m.•50 views

CVE-2019-18282

The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead of siphash is used. The hashrn...

5.3CVSS6.4AI score
Exploits0References5
OSV
OSV
•added 2019/12/07 12:0 a.m.•50 views

DLA-2023-1 openjdk-7 - security update

Bulletin has no description...

6.8CVSS6.3AI score0.03749EPSS
Exploits0
OSV
OSV
•added 2019/11/06 1:15 p.m.•50 views

RLSA-2019:3735 Critical: php:7.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in envpathinfo in fpmmain.c CVE-2019-11043 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

8.1CVSS9.6AI score0.9947EPSS
Exploits54References2
OSV
OSV
•added 2019/07/20 12:0 a.m.•50 views

DSA-4484-1 linux - security update

Bulletin has no description...

7.8CVSS8.3AI score0.52199EPSS
Exploits21
OSV
OSV
•added 2019/07/17 1:15 p.m.•50 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

7.8CVSS6.4AI score0.52199EPSS
Exploits21References30
OSV
OSV
•added 2019/05/09 12:0 a.m.•50 views

DLA-1781-1 qemu - security update

Bulletin has no description...

9.8CVSS7.5AI score0.04428EPSS
Exploits0
OSV
OSV
•added 2019/05/06 12:0 a.m.•50 views

DLA-1777-1 jquery - security update

Bulletin has no description...

6.1CVSS6.5AI score0.87218EPSS
Exploits4
OSV
OSV
•added 2019/03/25 12:0 a.m.•50 views

DLA-1728-1 openssh - security update

Bulletin has no description...

6.8CVSS6.3AI score0.58204EPSS
Exploits9
OSV
OSV
•added 2019/02/09 12:0 a.m.•50 views

DSA-4387-1 openssh - security update

Bulletin has no description...

6.8CVSS6.3AI score0.58204EPSS
Exploits9
OSV
OSV
•added 2019/01/11 12:0 a.m.•50 views

DLA-1633-1 sqlite3 - security update

Bulletin has no description...

9.8CVSS8.8AI score0.08609EPSS
Exploits0
OSV
OSV
•added 2018/08/17 7:29 p.m.•50 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

5.3CVSS3.5AI score
Exploits0References18
OSV
OSV
•added 2018/03/29 12:0 a.m.•50 views

DSA-4156-1 drupal7 - security update

Bulletin has no description...

9.8CVSS9.9AI score0.99993EPSS
Exploits46
OSV
OSV
•added 2018/01/18 11:29 p.m.•50 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.1AI score
Exploits0References45
OSV
OSV
•added 2017/10/06 12:0 a.m.•50 views

DSA-3992-1 curl - security update

Bulletin has no description...

7.5CVSS7.3AI score0.08465EPSS
Exploits0
OSV
OSV
•added 2017/10/03 12:0 a.m.•50 views

DSA-3991-1 qemu - security update

Bulletin has no description...

8.8CVSS6.9AI score0.03841EPSS
Exploits0
OSV
OSV
•added 2017/07/13 1:29 p.m.•50 views

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...

7.5CVSS7.4AI score0.62597EPSS
Exploits6References7
OSV
OSV
•added 2017/06/27 5:29 p.m.•50 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

9.8CVSS7.8AI score0.99999EPSS
Exploits19References8
OSV
OSV
•added 2017/03/08 12:0 a.m.•50 views

DLA-849-1 linux - security update

Bulletin has no description...

7.8CVSS7.1AI score0.04666EPSS
Exploits2
OSV
OSV
•added 2017/02/22 12:0 a.m.•50 views

DSA-3791-1 linux - security update

Bulletin has no description...

9.8CVSS6.9AI score0.0596EPSS
Exploits13
OSV
OSV
•added 2016/12/30 7:59 p.m.•50 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

9.8CVSS10AI score0.99714EPSS
Exploits59References15
OSV
OSV
•added 2016/10/05 12:0 a.m.•50 views

DSA-3688-1 nss - security update

Bulletin has no description...

9.8CVSS7.7AI score0.9986EPSS
Exploits1
OSV
OSV
•added 2016/06/09 12:0 a.m.•50 views

DLA-509-1 samba - security update

Bulletin has no description...

6.7AI score
Exploits0
OSV
OSV
•added 2016/04/13 3:59 p.m.•50 views

CVE-2015-8080

Integer overflow in the getnum function in luastruct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox...

7.5CVSS7.6AI score
Exploits0References18
OSV
OSV
•added 2016/02/21 12:0 a.m.•50 views

DSA-3486-1 chromium-browser - security update

Bulletin has no description...

10CVSS6.7AI score0.02639EPSS
Exploits1
OSV
OSV
•added 2015/11/01 12:0 a.m.•50 views

DSA-3388-1 ntp - security update

Bulletin has no description...

9.8CVSS6.9AI score0.81762EPSS
Exploits7
OSV
OSV
•added 2015/08/01 12:0 a.m.•50 views

DSA-3323-1 icu - security update

Bulletin has no description...

10CVSS7.4AI score0.2447EPSS
Exploits4
OSV
OSV
•added 2015/07/26 12:0 a.m.•50 views

DSA-3318-1 expat - security update

Bulletin has no description...

6.8CVSS7.9AI score0.19069EPSS
Exploits0
OSV
OSV
•added 2015/07/04 12:0 a.m.•50 views

DSA-3300-1 iceweasel - security update

Bulletin has no description...

10CVSS5.7AI score0.9986EPSS
Exploits2
OSV
OSV
•added 2015/03/20 12:0 a.m.•50 views

DLA-177-1 openssl - security update

Bulletin has no description...

7.5CVSS6.8AI score0.44503EPSS
Exploits1
OSV
OSV
•added 2014/11/18 12:0 a.m.•50 views

DSA-3074-1 php5 - security update

Bulletin has no description...

5CVSS8.4AI score0.14013EPSS
Exploits0
OSV
OSV
•added 2014/09/26 12:0 a.m.•50 views

DLA-63-1 bash - security update

Bulletin has no description...

10CVSS7.6AI score0.9994EPSS
Exploits19
OSV
OSV
•added 2014/06/20 12:0 a.m.•50 views

DLA-0008-1 openssl - security update

Bulletin has no description...

7.4CVSS6.8AI score0.95326EPSS
Exploits11
OSV
OSV
•added 2014/05/05 12:0 a.m.•50 views

DSA-2923-1 openjdk-7 - security update

Bulletin has no description...

10CVSS7.6AI score0.10117EPSS
Exploits1
Total number of security vulnerabilities5000