Lucene search
K
OsvMost viewed

907650 matches found

OSV
OSV
•added 2021/11/30 12:0 a.m.•48 views

DSA-5015-1 samba - security update

Bulletin has no description...

8.5CVSS7.2AI score0.01612EPSS
Exploits0
OSV
OSV
•added 2021/10/27 6:51 p.m.•48 views

GHSA-6768-MCJC-8223 Command injection leading to Remote Code Execution in Apache Storm

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

9.8CVSS9.7AI score0.84489EPSS
Exploits4References5
OSV
OSV
•added 2021/10/12 3:53 p.m.•48 views

ALSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...

9.8CVSS8.7AI score0.99999EPSS
Exploits5References3
OSV
OSV
•added 2021/09/23 12:0 a.m.•48 views

DLA-2765-1 mupdf - security update

Bulletin has no description...

7.8CVSS5.7AI score0.068EPSS
Exploits7
OSV
OSV
•added 2021/09/20 12:0 a.m.•48 views

DSA-4976-1 wpewebkit - security update

Bulletin has no description...

8.8CVSS7.5AI score0.13486EPSS
Exploits1
OSV
OSV
•added 2021/08/25 8:49 p.m.•48 views

GHSA-WHC7-5P35-4WW2 Use after free in actix-service

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

5.5CVSS5.4AI score0.00374EPSS
Exploits1References5
OSV
OSV
•added 2021/08/03 2:57 a.m.•48 views

UVI-2021-1001491 mISDN: fix possible use-after-free in HFC_cleanup()

mISDN: fix possible use-after-free in HFCcleanup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.3AI score
Exploits0
OSV
OSV
•added 2021/08/03 2:56 a.m.•48 views

UVI-2021-1001489 udf: Fix NULL pointer dereference in udf_symlink function

udf: Fix NULL pointer dereference in udfsymlink function This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.2AI score
Exploits0
OSV
OSV
•added 2021/08/03 2:56 a.m.•48 views

UVI-2021-1001488 wl1251: Fix possible buffer overflow in wl1251_cmd_scan

wl1251: Fix possible buffer overflow in wl1251cmdscan This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.7AI score
Exploits0
OSV
OSV
•added 2021/08/01 12:0 a.m.•48 views

ASB-A-171705902

In fixuppistateowner of futex.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS8.2AI score0.01377EPSS
Exploits1References2
OSV
OSV
•added 2021/07/20 12:0 a.m.•48 views

DLA-2713-1 linux - security update

Bulletin has no description...

7.8CVSS6.8AI score0.09729EPSS
Exploits9
OSV
OSV
•added 2021/07/13 5:15 p.m.•48 views

PYSEC-2021-331

Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...

9.8CVSS5.7AI score0.03162EPSS
Exploits0References6
OSV
OSV
•added 2021/06/30 12:38 a.m.•48 views

UVI-2021-1001085 mac80211: fix deadlock in AP/VLAN handling

mac80211: fix deadlock in AP/VLAN handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

7.2AI score
Exploits0
OSV
OSV
•added 2021/06/10 7:15 a.m.•48 views

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS6.8AI score
Exploits0References13
OSV
OSV
•added 2021/05/27 6:44 p.m.•48 views

GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint

Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...

3.1CVSS3.9AI score0.01336EPSS
Exploits0References8
OSV
OSV
•added 2021/05/01 12:0 p.m.•48 views

RUSTSEC-2021-0057 Integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5CVSS7.4AI score0.50732EPSS
Exploits0References3
OSV
OSV
•added 2021/04/23 12:0 a.m.•48 views

DLA-2635-1 libspring-java - security update

Bulletin has no description...

9.8CVSS7.7AI score0.77245EPSS
Exploits5
OSV
OSV
•added 2021/04/01 12:0 a.m.•48 views

ASB-A-174737742

In blkdevget of blockdev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2CVSS7.5AI score0.00928EPSS
Exploits1References2
OSV
OSV
•added 2021/03/02 12:0 a.m.•48 views

DSA-4867-1 grub2 - security update

Bulletin has no description...

8.2CVSS7.6AI score0.01738EPSS
Exploits0
OSV
OSV
•added 2021/03/01 12:0 a.m.•48 views

ASB-A-173516292

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00127EPSS
Exploits0References2
OSV
OSV
•added 2021/02/01 12:0 a.m.•48 views

ASB-A-145728687

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

9.3CVSS7.8AI score0.00732EPSS
Exploits0References6
OSV
OSV
•added 2021/01/13 6:22 p.m.•48 views

GHSA-487W-PQCM-63HQ Command injection in buns

There is a command injection vulnerability in all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function installrequestedModule...

9.8CVSS9.7AI score0.01583EPSS
Exploits0References2
OSV
OSV
•added 2020/12/31 9:15 a.m.•48 views

CVE-2020-35914

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness...

4.7CVSS7.1AI score0.00324EPSS
Exploits0References1
OSV
OSV
•added 2020/12/07 8:15 p.m.•48 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

9.8CVSS6.5AI score
Exploits0References4
OSV
OSV
•added 2020/11/17 2:15 a.m.•48 views

CVE-2020-14389

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have...

8.1CVSS6.6AI score0.00812EPSS
Exploits0References2
OSV
OSV
•added 2020/11/15 12:0 p.m.•48 views

RUSTSEC-2020-0149 Data race and memory safety issue in `Index`

The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...

5.9CVSS5.6AI score0.00978EPSS
Exploits1References3
OSV
OSV
•added 2020/11/03 12:25 p.m.•48 views

ALSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa 4.8.7, softhsm 2.6.0, opendnssec 2.1.6...

6.9CVSS8.2AI score0.99019EPSS
Exploits16References11
OSV
OSV
•added 2020/11/03 12:5 p.m.•48 views

RLSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...

9.8CVSS8.8AI score0.77246EPSS
Exploits9References101
OSV
OSV
•added 2020/09/21 12:0 a.m.•48 views

DLA-2376-1 qtbase-opensource-src - security update

Bulletin has no description...

5.5CVSS6AI score0.03915EPSS
Exploits1
OSV
OSV
•added 2020/08/12 12:0 a.m.•48 views

DLA-2323-1 linux-4.19 - new package

Bulletin has no description...

9.8CVSS7AI score0.02503EPSS
Exploits3
OSV
OSV
•added 2020/08/10 12:0 a.m.•48 views

DLA-2320-1 golang-github-seccomp-libseccomp-golang - security update

Bulletin has no description...

7.5CVSS6.8AI score0.0245EPSS
Exploits0
OSV
OSV
•added 2020/06/15 7:57 p.m.•48 views

GHSA-XXGP-PCFC-3VGC Privilege Escalation in Hibernate Validator

In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege...

7CVSS7.7AI score0.00482EPSS
Exploits0References23
OSV
OSV
•added 2020/06/09 12:0 a.m.•48 views

DLA-2241-1 linux - security update

Bulletin has no description...

7.8CVSS7.9AI score0.10114EPSS
Exploits18
OSV
OSV
•added 2020/05/26 12:0 a.m.•48 views

DSA-4693-1 drupal7 - security update

Bulletin has no description...

6.9CVSS7.2AI score0.99019EPSS
Exploits11
OSV
OSV
•added 2020/05/21 12:0 a.m.•48 views

DSA-4691-1 pdns-recursor - security update

Bulletin has no description...

7.5CVSS7.5AI score0.04372EPSS
Exploits0
OSV
OSV
•added 2019/12/30 12:0 a.m.•48 views

DLA-2051-1 intel-microcode - security update

Bulletin has no description...

6.5CVSS6.7AI score0.03133EPSS
Exploits0
OSV
OSV
•added 2019/12/23 5:15 p.m.•48 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

7.5CVSS8.1AI score
Exploits0References19
OSV
OSV
•added 2019/12/19 12:0 a.m.•48 views

DLA-2043-1 gdk-pixbuf - security update

Bulletin has no description...

8.8CVSS6.7AI score0.03855EPSS
Exploits6
OSV
OSV
•added 2019/12/05 12:0 a.m.•48 views

DLA-2021-1 libav - security update

Bulletin has no description...

9.8CVSS7.8AI score0.02305EPSS
Exploits3
OSV
OSV
•added 2019/11/13 12:0 a.m.•48 views

DSA-4565-1 intel-microcode - security update

Bulletin has no description...

6.5CVSS6.7AI score0.03133EPSS
Exploits0
OSV
OSV
•added 2019/11/12 12:0 a.m.•48 views

DSA-4563-1 webkit2gtk - security update

Bulletin has no description...

9.3CVSS8.3AI score0.02542EPSS
Exploits0
OSV
OSV
•added 2019/09/12 12:0 a.m.•48 views

DLA-1919-1 linux-4.9 - security update

Bulletin has no description...

10CVSS7.3AI score0.05189EPSS
Exploits13
OSV
OSV
•added 2019/07/21 12:0 a.m.•48 views

DSA-4486-1 openjdk-11 - security update

Bulletin has no description...

5.8CVSS5.8AI score0.04351EPSS
Exploits0
OSV
OSV
•added 2019/06/24 12:0 a.m.•48 views

DLA-1834-1 python2.7 - security update

Bulletin has no description...

9.8CVSS7.6AI score0.20743EPSS
Exploits4
OSV
OSV
•added 2019/05/06 12:0 a.m.•48 views

DLA-1777-1 jquery - security update

Bulletin has no description...

6.1CVSS6.5AI score0.87218EPSS
Exploits4
OSV
OSV
•added 2019/04/20 12:0 a.m.•48 views

DSA-4434-1 drupal7 - security update

Bulletin has no description...

6.1CVSS6.5AI score0.87218EPSS
Exploits4
OSV
OSV
•added 2019/03/31 12:0 a.m.•48 views

DLA-1741-1 php5 - security update

Bulletin has no description...

9.8CVSS7.7AI score0.09395EPSS
Exploits6
OSV
OSV
•added 2019/03/26 6:29 p.m.•48 views

PYSEC-2019-78

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

7.8CVSS2.9AI score0.00386EPSS
Exploits0References3
OSV
OSV
•added 2019/03/09 12:29 a.m.•48 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS9.3AI score
Exploits0References15
OSV
OSV
•added 2019/03/02 12:0 a.m.•48 views

DSA-4387-2 openssh - security update

Bulletin has no description...

5.9CVSS6.2AI score0.58204EPSS
Exploits9
Total number of security vulnerabilities5000