Lucene search
K
OsvMost viewed

907558 matches found

OSV
OSV
•added 2022/08/09 11:19 p.m.•46 views

GO-2022-0203 Remote command execution via "go get" command with "-insecure" option in cmd/go

The "go get" command is vulnerable to remote code execution. When the -insecure command-line option is used, "go get" does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

9.3CVSS9AI score0.63229EPSS
Exploits1References4
OSV
OSV
•added 2022/08/09 5:31 p.m.•46 views

GO-2022-0177 Remote command execution via "go get" in cmd/go

The "go get" command allows remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory...

9.8CVSS8.8AI score0.08944EPSS
Exploits0References4
OSV
OSV
•added 2022/07/27 4:15 a.m.•46 views

CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrmexpandpolicies in net/xfrm/xfrmpolicy.c can cause a refcount to be dropped twice...

5.5CVSS5.2AI score
Exploits0References6
OSV
OSV
•added 2022/07/06 12:0 a.m.•46 views

GHSA-XV59-GC3R-RF92 Insufficient Session Expiration in Nakama

Old session tokens can be used to authenticate to the application and send authenticated requests...

7.5CVSS7.3AI score0.00818EPSS
Exploits1References4
OSV
OSV
•added 2022/07/02 12:0 a.m.•46 views

CVE-2022-2286 Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0...

7.8CVSS7.9AI score0.013EPSS
Exploits1References8
OSV
OSV
•added 2022/06/30 12:0 a.m.•46 views

ALSA-2022:5314 Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: stack exhaustion in doctype parsing CVE-2022-25313 expat: integer overflow in copyString CVE-2022-25314 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8.6AI score0.04654EPSS
Exploits0References6
OSV
OSV
•added 2022/05/26 5:15 p.m.•46 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

8.1CVSS2AI score0.01914EPSS
Exploits1References5
OSV
OSV
•added 2022/05/24 5:30 p.m.•46 views

GHSA-5MFW-P6QV-WGVV Arbitrary file read vulnerability in Jenkins Persona Plugin

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller...

6.5CVSS6.3AI score0.0101EPSS
Exploits0References4
OSV
OSV
•added 2022/05/18 12:0 a.m.•46 views

GHSA-XHW3-WMX2-76WF Buffer overflow in Jenkins WMI Windows Agents plugin

WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it. This library has a buffer overflow vulnerability that may allow user...

4.2CVSS9.2AI score0.0168EPSS
Exploits0References5
OSV
OSV
•added 2022/05/17 5:18 a.m.•46 views

GHSA-5XM9-RF63-WJ7H Improper Control of Generation of Code in Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

4.3CVSS6.7AI score0.04608EPSS
Exploits1References4
OSV
OSV
•added 2022/05/14 1:10 a.m.•46 views

GHSA-3GV7-3H64-78CM Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...

7.5CVSS8.4AI score0.1684EPSS
Exploits0References59
OSV
OSV
•added 2022/05/13 1:7 a.m.•46 views

GHSA-XCVR-QV8H-M7XW .NET Core Denial of Service Vulnerability

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability"...

7.5CVSS7.3AI score0.09436EPSS
Exploits0References6
OSV
OSV
•added 2022/05/10 8:7 a.m.•46 views

RLSA-2022:1915 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request uri-path CVE-2021-36160 httpd:...

7.5CVSS8.9AI score0.82295EPSS
Exploits1References7
OSV
OSV
•added 2022/05/10 6:45 a.m.•46 views

RLSA-2022:2013 Moderate: openssh security, bug fix, and enhancement update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are...

7CVSS7.5AI score0.02367EPSS
Exploits2References3
OSV
OSV
•added 2022/05/10 6:42 a.m.•46 views

RLSA-2022:1975 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: fget: check that the fd still exists after getting a ref to it CVE-2021-4083 kernel: avoid cyclic entity chains due to malformed U...

7.8CVSS9.2AI score0.06846EPSS
Exploits11References38
OSV
OSV
•added 2022/05/10 6:24 a.m.•46 views

RLSA-2022:1777 Moderate: webkit2gtk3 security, bug fix, and enhancement update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...

8.8CVSS9.3AI score0.16342EPSS
Exploits4References33
OSV
OSV
•added 2022/05/08 12:0 a.m.•46 views

CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim

NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input...

6.6CVSS6.9AI score0.01518EPSS
Exploits1References12
OSV
OSV
•added 2022/04/19 4:17 p.m.•46 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS7.5AI score
Exploits0References6
OSV
OSV
•added 2022/04/15 5:15 a.m.•46 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

9.1CVSS1.6AI score
Exploits0References5
OSV
OSV
•added 2022/04/14 9:15 p.m.•46 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS5.3AI score0.05666EPSS
Exploits2References3
OSV
OSV
•added 2022/04/08 12:0 a.m.•47 views

DSA-5116-1 wpewebkit - security update

Bulletin has no description...

8.8CVSS7.7AI score0.03518EPSS
Exploits0
OSV
OSV
•added 2022/04/06 12:0 a.m.•46 views

CVE-2022-1253 Heap-based Buffer Overflow in strukturag/libde265

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...

7.4CVSS7.7AI score0.0202EPSS
Exploits1References5
OSV
OSV
•added 2022/03/28 10:15 p.m.•46 views

CVE-2022-26280

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipxlzmaaloneinit...

6.5CVSS1.9AI score
Exploits0References4
OSV
OSV
•added 2022/03/18 1:25 p.m.•46 views

CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

7.5CVSS6.7AI score0.00717EPSS
Exploits0References4
OSV
OSV
•added 2022/03/10 2:43 p.m.•46 views

ALSA-2022:0825 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2036888 Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: U...

9CVSS8.1AI score0.88106EPSS
Exploits119References8
OSV
OSV
•added 2022/03/03 8:35 p.m.•46 views

CVE-2022-24723 Improper Input Validation in URI.js

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS5.6AI score0.01995EPSS
Exploits1References6
OSV
OSV
•added 2022/02/11 1:15 p.m.•46 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.4AI score0.96182EPSS
Exploits16References5
OSV
OSV
•added 2022/02/10 8:34 p.m.•46 views

GHSA-P5CH-W78F-XH44 Cross-site scripting in @atlaskit/editor-core

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...

5.4CVSS5.2AI score0.01126EPSS
Exploits0References5
OSV
OSV
•added 2022/02/09 10:16 p.m.•46 views

GHSA-878W-7GXP-MC63 SQL Injection in Spring Cloud Task

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...

6CVSS6.3AI score0.00514EPSS
Exploits0References2
OSV
OSV
•added 2022/02/01 12:0 a.m.•46 views

DLA-2906-1 python-django - security update

Bulletin has no description...

7.5CVSS6.8AI score0.49246EPSS
Exploits1
OSV
OSV
•added 2022/01/31 12:0 a.m.•46 views

DLA-2905-1 apache-log4j1.2 - security update

Bulletin has no description...

9.8CVSS9.2AI score0.81147EPSS
Exploits10
OSV
OSV
•added 2022/01/26 7:15 p.m.•46 views

CVE-2022-23990

Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function...

7.5CVSS3.8AI score
Exploits0References8
OSV
OSV
•added 2022/01/24 12:0 a.m.•46 views

DSA-5057-1 openjdk-11 - security update

Bulletin has no description...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
OSV
OSV
•added 2021/12/22 12:0 a.m.•46 views

DSA-5000-2 openjdk-11 - security update

Bulletin has no description...

7.1CVSS6.4AI score0.14839EPSS
Exploits0
OSV
OSV
•added 2021/12/11 12:0 a.m.•46 views

DSA-5020-1 apache-log4j2 - security update

Bulletin has no description...

10CVSS10AI score0.99999EPSS
Exploits349
OSV
OSV
•added 2021/11/09 8:52 a.m.•46 views

ALSA-2021:4257 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsession: NULL pointer dereference when parsing Cookie header CVE-2021-26690 httpd: Unexpected URL matching with 'MergeSlashes OFF' CVE-2021-30641 For more details about t...

7.5CVSS7.8AI score0.65067EPSS
Exploits0References3
OSV
OSV
•added 2021/10/20 12:41 p.m.•46 views

ALSA-2021:3891 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...

7.1CVSS6.5AI score0.14839EPSS
Exploits0References10
OSV
OSV
•added 2021/08/03 2:54 a.m.•46 views

UVI-2021-1001483 jfs: fix GPF in diFree

jfs: fix GPF in diFree This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit 7bde24bde490f3139eee147efc6d60d6040fe975. For more...

7.2AI score
Exploits0
OSV
OSV
•added 2021/07/22 7:43 p.m.•46 views

GHSA-J5C2-HM46-WP5C Privilege escalation: all users can access Admin-level API keys

Impact An error in the implementation of the limits service in 4.0.0 allows all authenticated users including contributors to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. GhostPro has already been patched. Self-hosters are impacted ...

6.5CVSS7AI score0.01019EPSS
Exploits1References4
OSV
OSV
•added 2021/07/13 12:0 p.m.•46 views

RUSTSEC-2021-0076 libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a checkoverflow flag...

9.8CVSS9.3AI score0.00935EPSS
Exploits1References3
OSV
OSV
•added 2021/06/30 12:38 a.m.•46 views

UVI-2021-1001086 mac80211: Fix NULL ptr deref for injected rate info

mac80211: Fix NULL ptr deref for injected rate info This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

7.2AI score
Exploits0
OSV
OSV
•added 2021/06/29 1:42 p.m.•46 views

ALSA-2021:2570 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in net/bluetooth/hcievent.c when destroying an hcichan CVE-2021-33034 kernel: security bypass in certs/blacklist.c and certs/systemkeyring.c CVE-2020-26541 For more details...

7.8CVSS7.6AI score0.00826EPSS
Exploits2References2
OSV
OSV
•added 2021/05/11 7:15 p.m.•46 views

CVE-2021-31200

Common Utilities Remote Code Execution Vulnerability...

7.2CVSS7.4AI score0.02482EPSS
Exploits0References1
OSV
OSV
•added 2021/05/02 12:0 a.m.•46 views

DSA-4910-1 libimage-exiftool-perl - security update

Bulletin has no description...

7.8CVSS7.3AI score0.99981EPSS
Exploits39
OSV
OSV
•added 2021/04/14 8:4 p.m.•46 views

GO-2021-0081 Insufficiently Protected Credentials in github.com/containers/image

The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials...

6.4CVSS6AI score0.01604EPSS
Exploits0References4
OSV
OSV
•added 2021/04/06 12:0 a.m.•46 views

DSA-4886-1 chromium - security update

Bulletin has no description...

8.8CVSS7.5AI score0.26525EPSS
Exploits27
OSV
OSV
•added 2021/03/30 12:0 a.m.•46 views

DSA-4881-1 curl - security update

Bulletin has no description...

7.8CVSS6.7AI score0.09917EPSS
Exploits7
OSV
OSV
•added 2021/02/27 12:0 a.m.•46 views

DSA-4865-1 docker.io - security update

Bulletin has no description...

6.8CVSS6.4AI score0.03287EPSS
Exploits5
OSV
OSV
•added 2021/02/16 4:51 p.m.•46 views

GHSA-2M8V-572M-FF2V Command Injection Vulnerability

Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.3.1 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...

7.8CVSS7.3AI score0.9024EPSS
Exploits4References9
OSV
OSV
•added 2021/02/15 5:15 p.m.•46 views

CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...

7.5CVSS2.5AI score
Exploits0References10
Total number of security vulnerabilities5000