Search results for "osv", sorted by most viewed: 907635 matches found

OSV · added 2022/03/15 1:00 a.m. · 47 views

CVE-2022-0944 Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

CVSS 9.1 · AI score 8.2 · EPSS 0.08669 · Exploits 12 · References 4

OSV · added 2022/02/18 12:00 a.m. · 47 views

GHSA-73Q4-J324-2QCC Incorrect authorization in Drupal core

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

CVSS 6.5 · AI score 6.3 · EPSS 0.00757 · Exploits 0 · References 2

OSV · added 2022/01/31 9:15 p.m. · 47 views

PYSEC-2022-24

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server...

CVSS 5.3 · AI score 3.3 · EPSS 0.00953 · Exploits 0 · References 2
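
The enumeration in PYSEC-2022-24 comes from a login path that does less work for a username that does not exist, so the response arrives measurably sooner. The following is an added example, not Flask-AppBuilder's code or its fix: a small in-memory login with a vulnerable and a hardened variant, where the hardened one always evaluates exactly one password hash, against a dummy record when the user is missing. The user table, the PBKDF2 parameters and the names login_vulnerable, login_hardened and HashCounter are assumptions made for illustration.

```python
"""Added example (not Flask-AppBuilder's code): a login that skips the
password hash for unknown usernames leaks which accounts exist, because
the unknown-user path returns before the slow hash runs.

Assumptions (hypothetical): a dict-backed user table, PBKDF2-HMAC-SHA256
as the password hash, and a dummy record used only to burn equal CPU time.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000   # deliberately slow, as a password hash should be
SALT_LEN = 16


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample user table: only "alice" exists.
USERS = {"alice": make_user("correct horse battery staple")}

# Dummy credential for the unknown-user path. Created once at startup so
# the work done for a missing user does not depend on the request itself.
_DUMMY = make_user(os.urandom(16).hex())


class HashCounter:
    """Counts hash evaluations so a test can check both paths do equal work."""
    calls = 0


def verify(stored: dict, password: str) -> bool:
    HashCounter.calls += 1
    candidate = hash_password(password, stored["salt"])
    return hmac.compare_digest(candidate, stored["hash"])  # constant-time compare


def login_vulnerable(username: str, password: str) -> bool:
    """Returns early for unknown users: no PBKDF2 work at all, so the reply
    is faster than for an existing user with a wrong password."""
    user = USERS.get(username)
    if user is None:
        return False
    return verify(user, password)


def login_hardened(username: str, password: str) -> bool:
    """Always runs exactly one PBKDF2 evaluation, against the real record
    or the dummy one, so known and unknown usernames cost the same."""
    user = USERS.get(username)
    if user is None:
        verify(_DUMMY, password)   # result intentionally discarded
        return False
    return verify(user, password)


def time_call(fn, *args) -> float:
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start


if __name__ == "__main__":
    for login in (login_vulnerable, login_hardened):
        t_known = time_call(login, "alice", "wrong password")
        t_unknown = time_call(login, "mallory", "wrong password")
        print(f"{login.__name__}: known user {t_known * 1000:.1f} ms, "
              f"unknown user {t_unknown * 1000:.1f} ms")
```

Run it to see the two timings side by side: the vulnerable variant answers the unknown user in microseconds, the hardened one in the same tens of milliseconds as a wrong password for a real user. This equalises only the hashing work; a database round trip or an early "user not found" return elsewhere in the handler leaks just the same, so the dummy verification has to sit on every path that would otherwise return before the real hash check.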
OSV · added 2022/01/26 7:15 p.m. · 47 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function...

CVSS 7.5 · AI score 3.8 · Exploits 0 · References 8

OSV · added 2022/01/25 12:00 a.m. · 47 views

DSA-5060-1 webkit2gtk - security update

Bulletin has no description...

CVSS 9.3 · AI score 8 · EPSS 0.07617 · Exploits 1

OSV · added 2022/01/24 12:00 a.m. · 47 views

DSA-5057-1 openjdk-11 - security update

Bulletin has no description...

CVSS 5.3 · AI score 5.9 · EPSS 0.08346 · Exploits 0

OSV · added 2021/12/26 12:00 a.m. · 47 views

DLA-2852-1 apache-log4j2 - security update

Bulletin has no description...

CVSS 5.9 · AI score 7.9 · EPSS 0.99999 · Exploits 20

OSV · added 2021/12/15 4:11 p.m. · 47 views

RLSA-2021:5160 Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716); golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717). For more details about the...

CVSS 7.5 · AI score 6.8 · EPSS 0.03958 · Exploits 0 · References 3

OSV · added 2021/12/11 12:00 a.m. · 47 views

DSA-5020-1 apache-log4j2 - security update

Bulletin has no description...

CVSS 10 · AI score 10 · EPSS 0.99999 · Exploits 349

OSV · added 2021/12/08 7:55 p.m. · 47 views

GHSA-25F5-GC4H-HC22 Improper Privilege Management in devise_masquerade

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

CVSS 8.1 · AI score 8 · EPSS 0.0121 · Exploits 1 · References 6

OSV · added 2021/10/20 12:41 p.m. · 47 views

ALSA-2021:3891 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565); OpenJDK: Incorrect principal selection when using Kerberos...

CVSS 7.1 · AI score 6.5 · EPSS 0.14839 · Exploits 0 · References 10

OSV · added 2021/10/12 3:53 p.m. · 47 views

ALSA-2021:3816 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438); httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691). For more...

CVSS 9.8 · AI score 8.7 · EPSS 0.99999 · Exploits 5 · References 3

OSV · added 2021/09/20 12:00 a.m. · 47 views

DSA-4976-1 wpewebkit - security update

Bulletin has no description...

CVSS 8.8 · AI score 7.5 · EPSS 0.13486 · Exploits 1

OSV · added 2021/08/03 2:57 a.m. · 47 views

UVI-2021-1001491 mISDN: fix possible use-after-free in HFC_cleanup()

mISDN: fix possible use-after-free in HFC_cleanup(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

AI score 7.3 · Exploits 0

OSV · added 2021/08/02 5:25 p.m. · 47 views

GHSA-88CW-3M6X-49F7 Out-of-bounds Write in ChakraCore

Chakra Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2020-17048...

CVSS 7.5 · AI score 5.5 · EPSS 0.01913 · Exploits 0 · References 4

OSV · added 2021/07/28 12:00 a.m. · 47 views

DSA-4945-1 webkit2gtk - security update

Bulletin has no description...

CVSS 9.3 · AI score 7.5 · EPSS 0.03692 · Exploits 5

OSV · added 2021/06/30 12:38 a.m. · 47 views

UVI-2021-1001082 x86/fpu: Prevent state corruption in __fpu__restore_sig()

x86/fpu: Prevent state corruption in __fpu__restore_sig(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

AI score 7.4 · Exploits 0

OSV · added 2021/06/22 12:00 a.m. · 47 views

DLA-2690-1 linux-4.19 - security update

Bulletin has no description...

CVSS 7.8 · AI score 8 · EPSS 0.07604 · Exploits 13

OSV · added 2021/04/14 3:03 p.m. · 47 views

GHSA-4C7M-WXVM-R7GC Improper parsing of octal bytes in netmask

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

CVSS 9.1 · AI score 7.1 · EPSS 0.16356 · Exploits 1 · References 9
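
The netmask bug above is a parser disagreement: the address string is validated by one reading of the octets and then connected to by another. The example below is added here and is not the netmask package's code (it is written in Python rather than JavaScript so the two readings can be compared in one file): parse_ipv4_decimal models a filter that reads each dotted part as decimal and so ignores leading zeros, while parse_ipv4_inet_aton models the C inet_aton rules most socket stacks apply (a leading 0 is octal, 0x is hex, one to four parts, the last part filling the remaining bytes). The function names are assumptions and the input strings are constructed.

```python
"""Added example (not the netmask package's code): the same string means
different addresses to a lenient decimal validator and to inet_aton, so a
private-range filter built on the former can be bypassed.

Hypothetical names: parse_ipv4_decimal, parse_ipv4_inet_aton, is_internal,
filter_verdicts. Sample inputs are constructed.
"""
import ipaddress
import re

# One inet_aton part: 0x.. hex, a leading 0 means octal, otherwise decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _part_value(s: str) -> int:
    if not _PART.match(s):
        raise ValueError(f"bad octet {s!r}")
    # int(s, 0) handles 0x hex and plain decimal, but Python 3 rejects a bare
    # leading 0 as octal, so that C rule is applied explicitly.
    if len(s) > 1 and s[0] == "0" and s[1] not in "xX":
        return int(s, 8)
    return int(s, 0)


def parse_ipv4_inet_aton(text: str) -> int:
    """Parse like BSD/glibc inet_aton: 1 to 4 parts, each octal/decimal/hex,
    the final part filling all remaining low-order bytes."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("wrong number of parts")
    *lead, last = [_part_value(p) for p in parts]
    if any(v > 0xFF for v in lead):
        raise ValueError("octet out of range")
    last_width = 4 - len(lead)              # bytes covered by the final part
    if last >= 1 << (8 * last_width):
        raise ValueError("final part out of range")
    addr = 0
    for v in lead:
        addr = (addr << 8) | v
    return (addr << (8 * last_width)) | last


def parse_ipv4_decimal(text: str) -> int:
    """The lenient reading behind the bypass: four parts, each taken as a
    decimal number, so leading zeros are simply dropped."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("expected dotted quad")
    values = [int(p, 10) for p in parts]
    if any(v > 0xFF for v in values):
        raise ValueError("octet out of range")
    return int.from_bytes(bytes(values), "big")


def is_internal(addr: int) -> bool:
    """Typical SSRF deny-list: RFC 1918, loopback, link-local, unspecified."""
    a = ipaddress.IPv4Address(addr)
    return a.is_private or a.is_loopback or a.is_link_local or a.is_unspecified


def filter_verdicts(text: str) -> dict:
    """What each parser thinks the string is, and whether the filter blocks it."""
    out = {}
    for name, fn in (("decimal", parse_ipv4_decimal),
                     ("inet_aton", parse_ipv4_inet_aton)):
        try:
            n = fn(text)
            out[name] = (str(ipaddress.IPv4Address(n)), is_internal(n))
        except ValueError as e:
            out[name] = (None, str(e))
    return out


if __name__ == "__main__":
    for s in ("0177.0.0.1", "0x7f.1", "010.0.0.1", "2130706433", "127.0.0.1"):
        print(f"{s:>12}: {filter_verdicts(s)}")
```

The verdicts diverge in both directions: "0177.0.0.1" passes the decimal filter as public 177.0.0.1 and then reaches loopback, while "010.0.0.1" is blocked as RFC 1918 space but is really 8.0.0.1. The practical rule is to canonicalise first and reject anything that is not strict dotted decimal, rather than guess which parser the downstream connect() will use; Python's own ipaddress module accepted leading zeros as decimal in older releases (CVE-2021-29921), which is why the example hands ipaddress an integer it computed itself.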
OSV · added 2021/04/06 12:00 a.m. · 47 views

DSA-4886-1 chromium - security update

Bulletin has no description...

CVSS 8.8 · AI score 7.5 · EPSS 0.26525 · Exploits 27

OSV · added 2021/03/30 12:00 a.m. · 47 views

DSA-4881-1 curl - security update

Bulletin has no description...

CVSS 7.8 · AI score 6.7 · EPSS 0.09917 · Exploits 7

OSV · added 2021/03/02 12:00 a.m. · 47 views

DSA-4867-1 grub2 - security update

Bulletin has no description...

CVSS 8.2 · AI score 7.6 · EPSS 0.01738 · Exploits 0

OSV · added 2021/02/27 12:00 a.m. · 47 views

DSA-4865-1 docker.io - security update

Bulletin has no description...

CVSS 6.8 · AI score 6.4 · EPSS 0.03287 · Exploits 5

OSV · added 2021/02/02 12:00 a.m. · 47 views

DLA-2539-1 firefox-esr - security update

Bulletin has no description...

CVSS 8.8 · AI score 6.9 · EPSS 0.01556 · Exploits 0

OSV · added 2021/02/01 12:00 a.m. · 47 views

ASB-A-145728687

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 9.3 · AI score 7.8 · EPSS 0.00732 · Exploits 0 · References 6

OSV · added 2020/12/08 12:00 a.m. · 47 views

DSA-4807-1 openssl - security update

Bulletin has no description...

CVSS 5.9 · AI score 6 · EPSS 0.06968 · Exploits 3

OSV · added 2020/11/21 12:00 a.m. · 47 views

DSA-4796-1 thunderbird - security update

Bulletin has no description...

CVSS 9.3 · AI score 7 · EPSS 0.0247 · Exploits 1

OSV · added 2020/11/03 12:05 p.m. · 47 views

RLSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update

GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...

CVSS 9.8 · AI score 8.8 · EPSS 0.77246 · Exploits 9 · References 101

OSV · added 2020/10/19 1:15 p.m. · 47 views

PYSEC-2020-142

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

CVSS 5.3 · AI score 4.5 · EPSS 0.0047 · Exploits 0 · References 2

OSV · added 2020/10/01 12:00 a.m. · 47 views

ASB-A-140417248

In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege of a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitatio...

CVSS 7.8 · AI score 7.5 · EPSS 0.00277 · Exploits 0 · References 1

OSV · added 2020/09/09 7:15 p.m. · 47 views

CVE-2020-1913

An integer signedness error in the JavaScript interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

CVSS 8.1 · AI score 6.7 · EPSS 0.01202 · Exploits 0 · References 2

OSV · added 2020/08/11 5:21 p.m. · 47 views

GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as {"foo": /1"/, "bar": "a\"@__R-<UID>-0__@"} was serialized as {"foo": /1"/, "bar": "a\/1"/}, which allows an attacker to escape the bar key. This requires...

CVSS 8.1 · AI score 8 · EPSS 0.03009 · Exploits 0 · References 3

OSV · added 2020/06/30 12:00 a.m. · 47 views

DSA-4712-1 imagemagick - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.1 · EPSS 0.04352 · Exploits 33

OSV · added 2020/06/09 12:00 a.m. · 47 views

DLA-2241-1 linux - security update

Bulletin has no description...

CVSS 7.8 · AI score 7.9 · EPSS 0.10114 · Exploits 18

OSV · added 2020/05/26 12:00 a.m. · 47 views

DSA-4693-1 drupal7 - security update

Bulletin has no description...

CVSS 6.9 · AI score 7.2 · EPSS 0.99019 · Exploits 11

OSV · added 2020/05/21 12:00 a.m. · 47 views

DSA-4691-1 pdns-recursor - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.04372 · Exploits 0

OSV · added 2020/05/06 12:00 a.m. · 47 views

DSA-4676-1 salt - security update

Bulletin has no description...

CVSS 9.8 · AI score 8.5 · EPSS 0.96405 · Exploits 25

OSV · added 2020/04/28 8:57 a.m. · 47 views

ALSA-2020:1624 Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. (BZ1726981) Security Fixes: php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020); php: File rename across filesystems...

CVSS 9.8 · AI score 8.9 · EPSS 0.10059 · Exploits 14 · References 18

OSV · added 2020/01/24 3:15 p.m. · 47 views

CVE-2020-7226

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte[]" may depend on untrusted input within the header of encoded data...

CVSS 7.5 · AI score 6.5 · Exploits 0 · References 19
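
CVE-2020-7226 is the classic shape of an allocation driven by an attacker-controlled length field: the decoder trusts a size read from the very data it is decoding. The example below is an added illustration, not Cryptacular's code and not its real header layout. A hypothetical ciphertext header (u32 version, u32 nonce_len, the nonce bytes, then the ciphertext, all big-endian) is parsed once trusting nonce_len and once with the two checks that matter, a policy ceiling and a bound against the bytes actually present. forge_length plays the attacker and rewrites the length field of an otherwise valid blob; every name and the sample bytes are constructed.

```python
"""Added example (not Cryptacular's code): a length field inside untrusted
data must be bounded before it drives an allocation or a slice.

Hypothetical header layout (big-endian):
    u32 version | u32 nonce_len | nonce[nonce_len] | ciphertext...
Names (encode_header, parse_header_unchecked, parse_header, forge_length)
and the sample bytes are constructed for this example.
"""
import struct

HEADER_FMT = ">II"                          # version, nonce_len
HEADER_LEN = struct.calcsize(HEADER_FMT)    # 8 bytes
MAX_NONCE_LEN = 64                          # policy ceiling; AEAD nonces are far smaller


def encode_header(version: int, nonce: bytes, ciphertext: bytes) -> bytes:
    return struct.pack(HEADER_FMT, version, len(nonce)) + nonce + ciphertext


def parse_header_unchecked(data: bytes) -> dict:
    """Trusts nonce_len as written. A decoder that allocates the destination
    first (new byte[nonce_len] in Java) commits ~2 GiB for a claimed
    0x7fffffff before reading a single byte. A Python slice never allocates
    the declared size, so here the symptom is quieter: the nonce silently
    absorbs the rest of the blob and the ciphertext comes back empty."""
    version, nonce_len = struct.unpack_from(HEADER_FMT, data, 0)
    end = HEADER_LEN + nonce_len
    return {"version": version, "nonce": data[HEADER_LEN:end], "ciphertext": data[end:]}


def parse_header(data: bytes, max_nonce_len: int = MAX_NONCE_LEN) -> dict:
    """Bounded parse: reject before touching the declared-length region."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    version, nonce_len = struct.unpack_from(HEADER_FMT, data, 0)
    # Ceiling first: a length can be within the buffer yet still absurd for
    # the field's meaning, and the ceiling is what caps any later allocation.
    if nonce_len > max_nonce_len:
        raise ValueError(f"nonce_len {nonce_len} exceeds maximum {max_nonce_len}")
    # Then the bytes actually present, so a short blob cannot yield a
    # truncated field that is treated as complete.
    if nonce_len > len(data) - HEADER_LEN:
        raise ValueError("nonce_len exceeds available data")
    end = HEADER_LEN + nonce_len
    return {"version": version, "nonce": data[HEADER_LEN:end], "ciphertext": data[end:]}


def forge_length(data: bytes, claimed: int) -> bytes:
    """Attacker side: overwrite the nonce_len field of an existing blob."""
    return data[:4] + struct.pack(">I", claimed) + data[HEADER_LEN:]


# Constructed sample: a 12-byte nonce and a placeholder ciphertext body.
SAMPLE_NONCE = bytes(range(12))
SAMPLE_BODY = b"constructed ciphertext bytes"
GOOD = encode_header(1, SAMPLE_NONCE, SAMPLE_BODY)
FORGED = forge_length(GOOD, 0x7FFFFFFF)


if __name__ == "__main__":
    print("good   :", parse_header(GOOD))
    print("forged, unchecked:", parse_header_unchecked(FORGED))
    try:
        parse_header(FORGED)
    except ValueError as e:
        print("forged, checked  : rejected:", e)
```

The unchecked parser does not fail on the forged blob, which is the point worth noticing: in Java the same logic would fail loudly with an OutOfMemoryError, and in Python it fails quietly by returning a wrong nonce and an empty ciphertext that a later authenticity check has to catch. Both checks are needed; the ceiling caps the allocation and the remaining-bytes bound stops truncated input from being accepted as complete.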
OSV · added 2020/01/20 12:00 a.m. · 47 views

DSA-4606-1 chromium - security update

Bulletin has no description...

CVSS 8.8 · AI score 7 · EPSS 0.15537 · Exploits 7

OSV · added 2019/11/25 12:00 a.m. · 47 views

DLA-2008-1 nss - security update

Bulletin has no description...

CVSS 8.8 · AI score 8.9 · EPSS 0.02994 · Exploits 0

OSV · added 2019/11/12 12:00 a.m. · 47 views

DLA-1990-1 linux-4.9 - security update

Bulletin has no description...

CVSS 7.8 · AI score 6.7 · EPSS 0.03133 · Exploits 0

OSV · added 2019/09/12 12:00 a.m. · 47 views

DLA-1919-1 linux-4.9 - security update

Bulletin has no description...

CVSS 10 · AI score 7.3 · EPSS 0.05189 · Exploits 13

OSV · added 2019/08/16 3:15 a.m. · 47 views

CVE-2019-15107

An issue was discovered in Webmin <= 1.920. The parameter old in password_change.cgi contains a command injection vulnerability...

CVSS 9.8 · AI score 7.2 · EPSS 0.99766 · Exploits 37 · References 9

OSV · added 2019/08/15 12:00 a.m. · 47 views

DLA-1886-1 openjdk-7 - security update

Bulletin has no description...

CVSS 5.8 · AI score 6.2 · EPSS 0.04472 · Exploits 0

OSV · added 2019/07/20 12:00 a.m. · 47 views

DLA-1857-1 nss - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.4 · EPSS 0.02794 · Exploits 0

OSV · added 2019/06/20 12:00 a.m. · 47 views

DLA-1789-2 intel-microcode - security update

Bulletin has no description...

CVSS 5.9 · AI score 6.7 · EPSS 0.01553 · Exploits 0

OSV · added 2019/05/29 10:29 p.m. · 47 views

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

CVSS 9.8 · AI score 7.2 · EPSS 0.99986 · Exploits 4 · References 7

OSV · added 2019/04/13 12:00 a.m. · 47 views

DSA-4431-1 libssh2 - security update

Bulletin has no description...

CVSS 9.3 · AI score 7.5 · EPSS 0.09219 · Exploits 0

OSV · added 2019/04/01 12:00 a.m. · 47 views

DLA-1743-1 thunderbird - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.9 · EPSS 0.19762 · Exploits 11

Total number of security vulnerabilities: 5000