Lucene search
K
OsvMost viewed

909089 matches found

OSV
OSV
added 2023/02/14 7:15 p.m.48 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1CVSS9AI score
Exploits0References6
OSV
OSV
added 2023/02/09 12:0 a.m.48 views

DLA-3314-1 libsdl2 - security update

Bulletin has no description...

8.8CVSS7.5AI score0.03299EPSS
Exploits12
OSV
OSV
added 2023/01/24 8:47 p.m.48 views

GHSA-864V-6QJ7-62QJ Issue with whitespace in JWT roles in OpenSearch

Advisory title: Issue with whitespace in JWT roles Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the authentication backend is SAML or OpenID...

4.7CVSS6.3AI score0.00796EPSS
Exploits0References4
OSV
OSV
added 2023/01/12 12:0 p.m.48 views

RUSTSEC-2023-0002 git2 Rust package suppresses ssh host key checking

By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...

5.9CVSS5.6AI score0.00649EPSS
Exploits0References4
OSV
OSV
added 2023/01/12 12:0 a.m.48 views

ALSA-2023:0110 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5CVSS7.4AI score0.19193EPSS
Exploits2References4
OSV
OSV
added 2023/01/03 12:28 p.m.48 views

GHSA-J94P-HV25-RM5G Apiman has potential permissions bypass

Impact Incorrect default permissions for certain read-only resources in the Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allows a remote authenticated attacker to access information and resources in an Apiman Organizations they are not a member of and/or do not have...

7.1CVSS6AI score0.00604EPSS
Exploits0References6
OSV
OSV
added 2022/12/26 5:15 a.m.48 views

CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...

7.5CVSS5.1AI score
Exploits0References3
OSV
OSV
added 2022/12/16 11:15 p.m.48 views

PYSEC-2022-42993

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...

6.5CVSS6.9AI score0.00704EPSS
Exploits1References3
OSV
OSV
added 2022/12/12 9:19 p.m.48 views

GHSA-MJMJ-J48Q-9WG2 SnakeYaml Constructor Deserialization Remote Code Execution

Summary SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: new Yamlnew ConstructorTestDataClass.class.loadyamlContent; Types do not have to match the types of properties in the target class. A ConstructorException is throw...

8.3CVSS9AI score0.99615EPSS
Exploits7References19
OSV
OSV
added 2022/12/09 10:12 p.m.48 views

CVE-2022-23510 SQl injection in cube-js

cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...

9.6CVSS9.1AI score0.00898EPSS
Exploits0References5
OSV
OSV
added 2022/12/08 7:1 p.m.48 views

GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References4
OSV
OSV
added 2022/12/07 12:0 a.m.48 views

DLA-3230-1 jqueryui - security update

Bulletin has no description...

6.5CVSS6.9AI score0.44515EPSS
Exploits5
OSV
OSV
added 2022/11/25 12:0 a.m.48 views

CVE-2022-4141 Heap-based Buffer Overflow in vim/vim

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command...

7.3CVSS7.9AI score0.00423EPSS
Exploits1References9
OSV
OSV
added 2022/11/08 11:0 p.m.48 views

GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

5.8CVSS6.1AI score0.00747EPSS
Exploits0References6
OSV
OSV
added 2022/11/01 6:15 p.m.48 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8AI score
Exploits0References4
OSV
OSV
added 2022/11/01 12:0 p.m.48 views

RUSTSEC-2022-0064 X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.2AI score0.9077EPSS
Exploits6References3
OSV
OSV
added 2022/10/21 12:0 a.m.48 views

CVE-2022-3626

LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

5.5CVSS6.3AI score0.00938EPSS
Exploits1References7
OSV
OSV
added 2022/10/19 7:0 p.m.48 views

GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

8.8CVSS9.9AI score0.01095EPSS
Exploits0References3
OSV
OSV
added 2022/10/18 9:16 p.m.48 views

GHSA-C27J-76XG-6X4F Kirby CMS vulnerable to user enumeration in the brute force protection

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. ---- Introduction User enumeration is a type of vulnerability that allows...

6.5CVSS5.7AI score0.00585EPSS
Exploits0References7
OSV
OSV
added 2022/10/18 12:0 a.m.48 views

DSA-5257-1 linux - security update

Bulletin has no description...

8.8CVSS7AI score0.03763EPSS
Exploits10
OSV
OSV
added 2022/09/22 12:0 a.m.48 views

GHSA-6CVR-RVPM-9WX4 Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery

SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...

4.2CVSS8.7AI score0.0039EPSS
Exploits0References4
OSV
OSV
added 2022/09/22 12:0 a.m.48 views

DSA-5235-1 bind9 - security update

Bulletin has no description...

7.5CVSS6.9AI score0.02299EPSS
Exploits0
OSV
OSV
added 2022/09/07 12:0 a.m.48 views

DSA-5227-1 libgoogle-gson-java - security update

Bulletin has no description...

7.7CVSS7.8AI score0.1158EPSS
Exploits0
OSV
OSV
added 2022/09/01 12:0 a.m.48 views

ASB-A-219942275

In storeAtts of xmlparse.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS8.7AI score0.04829EPSS
Exploits0References2
OSV
OSV
added 2022/07/22 12:0 a.m.48 views

DSA-5186-1 djangorestframework - security update

Bulletin has no description...

6.1CVSS6.2AI score0.01286EPSS
Exploits0
OSV
OSV
added 2022/07/19 6:15 p.m.48 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS8.3AI score
Exploits0References24
OSV
OSV
added 2022/07/12 3:15 p.m.48 views

PYSEC-2022-226

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...

6.1CVSS0.7AI score0.00772EPSS
Exploits0References4
OSV
OSV
added 2022/06/09 11:47 p.m.48 views

GHSA-F2WF-25XC-69C9 Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...

7.5CVSS7.5AI score0.0182EPSS
Exploits0References8
OSV
OSV
added 2022/06/09 12:0 a.m.48 views

GHSA-R48Q-9G5R-8Q2H Authorization Bypass Through User-Controlled Key in go-restful

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...

9.1CVSS10AI score0.02737EPSS
Exploits1References17
OSV
OSV
added 2022/05/30 11:39 a.m.48 views

ALSA-2022:4797 Important: maven:3.6 security update

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

9.8CVSS9.8AI score0.04031EPSS
Exploits0References2
OSV
OSV
added 2022/05/26 4:15 p.m.48 views

CVE-2022-30788

A crafted NTFS image can cause a heap-based buffer overflow in ntfsmftrecalloc in NTFS-3G through 2021.8.22...

7.8CVSS3.5AI score
Exploits0References9
OSV
OSV
added 2022/05/24 5:7 p.m.48 views

GHSA-HHMF-7RGG-GCW5 Plone SQL Injection Vulnerability

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...

8.8CVSS9AI score0.01213EPSS
Exploits0References7
OSV
OSV
added 2022/05/23 11:15 p.m.48 views

GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...

8.2CVSS7.9AI score0.02886EPSS
Exploits1References11
OSV
OSV
added 2022/05/14 3:46 a.m.48 views

GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...

7.5CVSS7.3AI score0.03143EPSS
Exploits0References3
OSV
OSV
added 2022/05/03 12:0 a.m.48 views

DLA-2992-1 openvpn - security update

Bulletin has no description...

9.8CVSS7.1AI score0.05107EPSS
Exploits1
OSV
OSV
added 2022/05/01 12:0 a.m.48 views

ASB-A-220741611

In multiple functions of ioviter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS8.3AI score0.88106EPSS
Exploits100References4
OSV
OSV
added 2022/04/28 2:15 p.m.48 views

PYSEC-2022-183

Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS1.8AI score0.02184EPSS
Exploits1References6
OSV
OSV
added 2022/04/27 9:9 p.m.48 views

GHSA-Q77Q-VX4Q-XX6Q Cross-site Scripting in org.owasp.esapi:esapi

Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...

6.1CVSS6.6AI score0.01632EPSS
Exploits1References8
OSV
OSV
added 2022/04/22 8:42 p.m.48 views

GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O

Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

4.8CVSS5.7AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2022/04/20 12:21 p.m.48 views

RLSA-2022:1445 Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...

7.5CVSS6.9AI score0.48235EPSS
Exploits6References9
OSV
OSV
added 2022/04/12 7:36 p.m.48 views

GHSA-W98M-2XQG-9CVJ Remote Code Execution in paginator

There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. Impact There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate...

9.8CVSS9.6AI score0.03284EPSS
Exploits0References6
OSV
OSV
added 2022/03/18 1:25 p.m.48 views

CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

7.5CVSS6.7AI score0.00717EPSS
Exploits0References4
OSV
OSV
added 2022/03/14 6:15 p.m.48 views

PYSEC-2022-163

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

9.8CVSS3.8AI score0.03652EPSS
Exploits0References3
OSV
OSV
added 2022/03/11 8:52 p.m.48 views

GHSA-MCG6-H362-CMQ5 Improper Authorization in cobbler

Impact If PAM is correctly configured and a user account is set to expired, the expired user-account is still able to successfully log into Cobbler in all places Web UI, CLI & XMLRPC-API. The same applies to user accounts with passwords set to be expired. Patches There is a patch for the latest...

8.8CVSS9.1AI score0.02256EPSS
Exploits1References10
OSV
OSV
added 2022/03/02 9:33 p.m.48 views

GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes

Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

7.5CVSS7.9AI score0.27392EPSS
Exploits4References16
OSV
OSV
added 2022/02/26 5:15 a.m.48 views

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...

7.5CVSS1.6AI score
Exploits0References19
OSV
OSV
added 2022/02/09 12:59 a.m.48 views

GHSA-J229-2H63-RVH9 Improper Authentication for Keycloak

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...

8.8CVSS8.4AI score0.01004EPSS
Exploits0References2
OSV
OSV
added 2022/02/04 10:32 p.m.48 views

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS6.6AI score0.00783EPSS
Exploits1References5
OSV
OSV
added 2022/02/01 12:46 a.m.48 views

GHSA-VVMR-8829-6WHX CSRF token missing in Symfony

Description ----------- The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the...

8.1CVSS8.1AI score0.00566EPSS
Exploits0References7
OSV
OSV
added 2022/01/31 9:15 p.m.48 views

PYSEC-2022-24

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

5.3CVSS3.3AI score0.00953EPSS
Exploits0References2
Total number of security vulnerabilities5000