Lucene search
K
OsvMost viewed

909148 matches found

OSV
OSV
•added 2021/09/16 3:15 p.m.•49 views

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS1AI score
Exploits0References17
OSV
OSV
•added 2021/08/25 8:54 p.m.•49 views

GHSA-8HFJ-XRJ2-PM22 Certificate check bypass in openssl-src

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.5AI score0.18339EPSS
Exploits1References27
OSV
OSV
•added 2021/08/03 2:56 a.m.•49 views

UVI-2021-1001489 udf: Fix NULL pointer dereference in udf_symlink function

udf: Fix NULL pointer dereference in udfsymlink function This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.2AI score
Exploits0
OSV
OSV
•added 2021/08/01 12:0 a.m.•49 views

ASB-A-171705902

In fixuppistateowner of futex.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS8.2AI score0.01377EPSS
Exploits1References2
OSV
OSV
•added 2021/07/30 10:15 p.m.•49 views

PYSEC-2021-875

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.5CVSS7.3AI score0.02277EPSS
Exploits0References3
OSV
OSV
•added 2021/07/28 12:0 a.m.•49 views

DSA-4945-1 webkit2gtk - security update

Bulletin has no description...

9.3CVSS7.5AI score0.03692EPSS
Exploits5
OSV
OSV
•added 2021/07/20 1:30 p.m.•49 views

ALSA-2021:2714 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: sizet-to-int conversion vulnerability in the filesystem layer CVE-2021-33909 kernel: race condition for removal of the HCI controller CVE-2021-32399 For more details about the security...

7.8CVSS7.5AI score0.09729EPSS
Exploits7References2
OSV
OSV
•added 2021/07/20 12:0 a.m.•49 views

DLA-2713-1 linux - security update

Bulletin has no description...

7.8CVSS6.8AI score0.09729EPSS
Exploits9
OSV
OSV
•added 2021/07/13 5:15 p.m.•49 views

PYSEC-2021-331

Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...

9.8CVSS5.7AI score0.03162EPSS
Exploits0References6
OSV
OSV
•added 2021/06/16 5:31 p.m.•49 views

GHSA-GQ67-PP9W-43GP Cryptographically weak CSRF tokens in Apache MyFaces

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery CSRF tokens. Due to that limitation, it is possible although difficult for an attacker ...

7.5CVSS7.5AI score0.03026EPSS
Exploits3References7
OSV
OSV
•added 2021/05/06 12:0 a.m.•49 views

PSF-2021-2 ipaddress leading zeros in IPv4 address

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...

9.8CVSS9.5AI score0.06827EPSS
Exploits1References1
OSV
OSV
•added 2021/04/27 12:0 a.m.•49 views

DSA-4906-1 chromium - security update

Bulletin has no description...

9.6CVSS7.8AI score0.57736EPSS
Exploits2
OSV
OSV
•added 2021/04/14 8:4 p.m.•49 views

GO-2020-0033 Path Traversal in aahframe.work

Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

7.5CVSS7.3AI score0.01143EPSS
Exploits0References3
OSV
OSV
•added 2021/04/01 12:0 a.m.•49 views

ASB-A-174737742

In blkdevget of blockdev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2CVSS7.5AI score0.00928EPSS
Exploits1References2
OSV
OSV
•added 2021/03/04 12:0 p.m.•49 views

RUSTSEC-2021-0035 `quinn` invalidly assumes the memory layout of std::net::SocketAddr

The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

7.5CVSS7.4AI score0.0125EPSS
Exploits0References3
OSV
OSV
•added 2020/12/07 8:15 p.m.•49 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

9.8CVSS6.5AI score
Exploits0References4
OSV
OSV
•added 2020/11/01 12:0 a.m.•49 views

ASB-A-161812320

In the AIBinderClass constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinderndk in a vulnerable way with no additional execution privileges needed. User interaction is no...

7.8CVSS8AI score0.00164EPSS
Exploits0References2
OSV
OSV
•added 2020/09/21 12:0 a.m.•49 views

DLA-2376-1 qtbase-opensource-src - security update

Bulletin has no description...

5.5CVSS6AI score0.03915EPSS
Exploits1
OSV
OSV
•added 2020/09/08 8:38 a.m.•49 views

RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...

8.8CVSS8.7AI score0.08888EPSS
Exploits19References23
OSV
OSV
•added 2020/08/24 12:0 a.m.•49 views

DLA-2342-1 libjackson-json-java - security update

Bulletin has no description...

9.8CVSS9AI score0.37925EPSS
Exploits7
OSV
OSV
•added 2020/06/19 12:0 a.m.•49 views

DSA-4707-1 mutt - security update

Bulletin has no description...

5.9CVSS6AI score0.02288EPSS
Exploits0
OSV
OSV
•added 2020/06/09 12:0 a.m.•49 views

DLA-2241-1 linux - security update

Bulletin has no description...

7.8CVSS7.9AI score0.10114EPSS
Exploits18
OSV
OSV
•added 2020/05/20 3:55 p.m.•49 views

GHSA-GG84-QGV9-W4PQ CRLF injection in httplib2

Impact Attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. Impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping...

6.8CVSS6.7AI score0.02593EPSS
Exploits0References14
OSV
OSV
•added 2020/03/20 12:0 a.m.•49 views

DSA-4643-1 python-bleach - security update

Bulletin has no description...

6.1CVSS6.3AI score0.01301EPSS
Exploits1
OSV
OSV
•added 2020/02/24 10:15 p.m.•49 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

4.8CVSS6.2AI score0.09386EPSS
Exploits0References19
OSV
OSV
•added 2020/01/14 8:15 p.m.•49 views

PYSEC-2020-175

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...

7.8CVSS1.7AI score0.00689EPSS
Exploits1References1
OSV
OSV
•added 2019/12/23 5:15 p.m.•49 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

7.5CVSS8.1AI score
Exploits0References19
OSV
OSV
•added 2019/12/19 12:0 a.m.•49 views

DLA-2043-1 gdk-pixbuf - security update

Bulletin has no description...

8.8CVSS6.7AI score0.03855EPSS
Exploits6
OSV
OSV
•added 2019/11/13 12:0 a.m.•49 views

DSA-4565-1 intel-microcode - security update

Bulletin has no description...

6.5CVSS6.7AI score0.03133EPSS
Exploits0
OSV
OSV
•added 2019/11/12 12:0 a.m.•49 views

DSA-4563-1 webkit2gtk - security update

Bulletin has no description...

9.3CVSS8.3AI score0.02542EPSS
Exploits0
OSV
OSV
•added 2019/04/20 12:0 a.m.•49 views

DSA-4434-1 drupal7 - security update

Bulletin has no description...

6.1CVSS6.5AI score0.87218EPSS
Exploits4
OSV
OSV
•added 2019/03/31 12:0 a.m.•49 views

DLA-1741-1 php5 - security update

Bulletin has no description...

9.8CVSS7.7AI score0.09395EPSS
Exploits6
OSV
OSV
•added 2019/03/26 6:29 p.m.•49 views

PYSEC-2019-193

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5CVSS2.4AI score0.00878EPSS
Exploits0References2
OSV
OSV
•added 2019/03/26 6:29 p.m.•49 views

PYSEC-2019-78

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

7.8CVSS2.9AI score0.00386EPSS
Exploits0References3
OSV
OSV
•added 2019/02/09 12:0 a.m.•49 views

DSA-4387-1 openssh - security update

Bulletin has no description...

6.8CVSS6.3AI score0.58204EPSS
Exploits9
OSV
OSV
•added 2019/01/30 12:0 a.m.•49 views

DLA-1651-1 libgd2 - security update

Bulletin has no description...

9.8CVSS8AI score0.65116EPSS
Exploits8
OSV
OSV
•added 2018/08/02 2:29 p.m.•49 views

CVE-2018-1336

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...

7.5CVSS6.9AI score
Exploits0References38
OSV
OSV
•added 2018/07/27 12:0 a.m.•49 views

DLA-1446-1 intel-microcode - security update

Bulletin has no description...

5.6CVSS6.3AI score0.60631EPSS
Exploits2
OSV
OSV
•added 2018/07/11 1:29 p.m.•49 views

CVE-2018-8007

Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...

7.2CVSS7.9AI score0.11681EPSS
Exploits3References9
OSV
OSV
•added 2018/06/29 12:0 a.m.•49 views

DLA-1407-1 mariadb-10.0 - security update

Bulletin has no description...

7.7CVSS6.3AI score0.0401EPSS
Exploits0
OSV
OSV
•added 2017/12/20 9:29 a.m.•49 views

CVE-2017-17790

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

9.8CVSS9.5AI score
Exploits0References9
OSV
OSV
•added 2017/12/13 9:38 p.m.•49 views

GHSA-8C56-CPMW-89X7 Out-of-bounds read in nokogiri

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying ...

7.5CVSS6.8AI score0.04626EPSS
Exploits1References4
OSV
OSV
•added 2017/10/24 6:33 p.m.•49 views

GHSA-FHJ9-CJJH-27VM Active Record contains deserialization of arbitrary YAML

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.3AI score0.07497EPSS
Exploits1References12
OSV
OSV
•added 2017/10/24 6:33 p.m.•49 views

GHSA-XGR2-V94M-RC9G activesupport in Rails vulnerable to incorrect data conversion

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

7.5CVSS8.2AI score0.98582EPSS
Exploits7References20
OSV
OSV
•added 2017/09/20 5:29 p.m.•49 views

CVE-2017-12611

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

9.8CVSS8.2AI score0.99461EPSS
Exploits23References5
OSV
OSV
•added 2017/09/20 12:0 a.m.•49 views

DSA-3981-1 linux - security update

Bulletin has no description...

8.8CVSS8.1AI score0.20797EPSS
Exploits44
OSV
OSV
•added 2017/02/08 12:0 a.m.•49 views

DSA-3783-1 php5 - security update

Bulletin has no description...

9.8CVSS7.9AI score0.41943EPSS
Exploits1
OSV
OSV
•added 2016/12/31 12:0 a.m.•49 views

DSA-3750-1 libphp-phpmailer - security update

Bulletin has no description...

9.8CVSS9.9AI score0.99714EPSS
Exploits58
OSV
OSV
•added 2016/12/13 9:59 p.m.•49 views

CVE-2016-6664

mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...

7CVSS6.7AI score0.04313EPSS
Exploits18References15
OSV
OSV
•added 2016/07/18 12:0 a.m.•49 views

DLA-552-1 binutils - security update

Bulletin has no description...

9.8CVSS6.4AI score0.07267EPSS
Exploits1
Total number of security vulnerabilities5000