
907558 matches found

DLA-2539-1 firefox-esr - security update
Source: OSV | Added: 2021/02/02 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 6.9 | EPSS: 0.01556 | Exploits: 0

ASB-A-145728687
Source: OSV | Added: 2021/02/01 12:00 a.m. | Views: 46
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVSS: 9.3 | AI score: 7.8 | EPSS: 0.00732 | Exploits: 0 | References: 6

DSA-4807-1 openssl - security update
Source: OSV | Added: 2020/12/08 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 5.9 | AI score: 6 | EPSS: 0.06968 | Exploits: 3

DSA-4796-1 thunderbird - security update
Source: OSV | Added: 2020/11/21 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.3 | AI score: 7 | EPSS: 0.0247 | Exploits: 1

ALSA-2020:4659 Moderate: gd security update
Source: OSV | Added: 2020/11/03 12:24 p.m. | Views: 46
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fixes: gd: Heap-based buffer overflow in gdImageColorMatch in gd_color_match.c CVE-2019-6977 gd: NULL pointer dereference in...
CVSS: 9.8 | AI score: 8.7 | EPSS: 0.65116 | Exploits: 7 | References: 4

DSA-4772-1 httpcomponents-client - security update
Source: OSV | Added: 2020/10/14 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 5.3 | AI score: 6 | EPSS: 0.08665 | Exploits: 1

DLA-2388-1 nss - security update
Source: OSV | Added: 2020/09/29 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 7.1 | EPSS: 0.44398 | Exploits: 2

DSA-4712-1 imagemagick - security update
Source: OSV | Added: 2020/06/30 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.1 | EPSS: 0.04352 | Exploits: 33

PYSEC-2020-242
Source: OSV | Added: 2020/05/21 3:15 p.m. | Views: 46
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer-Encoding header parsing which could allow for CL:TE or TE:TE attacks...
CVSS: 6.1 | AI score: 1.7 | EPSS: 0.00811 | Exploits: 0 | References: 2

DSA-4676-1 salt - security update
Source: OSV | Added: 2020/05/06 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 8.5 | EPSS: 0.96405 | Exploits: 25

CVE-2020-7226
Source: OSV | Added: 2020/01/24 3:15 p.m. | Views: 46
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
CVSS: 7.5 | AI score: 6.5 | Exploits: 0 | References: 19

GHSA-8WX2-9Q48-VM9R RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
Source: OSV | Added: 2020/01/21 8:59 p.m. | Views: 46
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
CVSS: 7.5 | AI score: 7.3 | EPSS: 0.88077 | Exploits: 2 | References: 47

DSA-4606-1 chromium - security update
Source: OSV | Added: 2020/01/20 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 7 | EPSS: 0.15537 | Exploits: 7

GHSA-7XX3-M584-X994 A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Source: OSV | Added: 2019/12/05 7:26 p.m. | Views: 46
Keepalive thread overload/DoS Impact A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the...
CVSS: 5.3 | AI score: 7.3 | EPSS: 0.0196 | Exploits: 0 | References: 5

DLA-2008-1 nss - security update
Source: OSV | Added: 2019/11/25 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 8.9 | EPSS: 0.02994 | Exploits: 0

CVE-2019-10212
Source: OSV | Added: 2019/10/02 7:15 p.m. | Views: 46
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...
CVSS: 9.8 | AI score: 6.3 | EPSS: 0.019 | Exploits: 0 | References: 4

DLA-1919-1 linux-4.9 - security update
Source: OSV | Added: 2019/09/12 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 7.3 | EPSS: 0.05189 | Exploits: 13

DLA-1907-1 libav - security update
Source: OSV | Added: 2019/08/31 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 6.8 | EPSS: 0.02638 | Exploits: 6

CVE-2019-15107
Source: OSV | Added: 2019/08/16 3:15 a.m. | Views: 46
An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability...
CVSS: 9.8 | AI score: 7.2 | EPSS: 0.99766 | Exploits: 37 | References: 9

DLA-1886-1 openjdk-7 - security update
Source: OSV | Added: 2019/08/15 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 5.8 | AI score: 6.2 | EPSS: 0.04472 | Exploits: 0

DSA-4431-1 libssh2 - security update
Source: OSV | Added: 2019/04/13 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.3 | AI score: 7.5 | EPSS: 0.09219 | Exploits: 0

DLA-1743-1 thunderbird - security update
Source: OSV | Added: 2019/04/01 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.9 | EPSS: 0.19762 | Exploits: 11

CVE-2019-9637
Source: OSV | Added: 2019/03/09 12:29 a.m. | Views: 46
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
CVSS: 7.5 | AI score: 9.3 | Exploits: 0 | References: 15

DSA-4403-1 php7.0 - security update
Source: OSV | Added: 2019/03/08 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.7 | EPSS: 0.09395 | Exploits: 5

DLA-1694-1 qemu - security update
Source: OSV | Added: 2019/02/28 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 7.8 | AI score: 6.8 | EPSS: 0.25348 | Exploits: 5

DSA-4395-1 chromium - security update
Source: OSV | Added: 2019/02/18 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.6 | AI score: 7.3 | EPSS: 0.12879 | Exploits: 3

DLA-1613-1 sqlite3 - security update
Source: OSV | Added: 2018/12/22 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.1 | AI score: 6.3 | EPSS: 0.09683 | Exploits: 1

DLA-1577-1 xen - security update
Source: OSV | Added: 2018/11/12 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 6.6 | EPSS: 0.18404 | Exploits: 9

DLA-1359-1 ruby1.8 - security update
Source: OSV | Added: 2018/04/23 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.1 | AI score: 7.2 | EPSS: 0.10552 | Exploits: 0

DLA-1301-1 tomcat7 - security update
Source: OSV | Added: 2018/03/06 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 6.5 | AI score: 6.5 | EPSS: 0.17716 | Exploits: 2

DLA-1200-1 linux - security update
Source: OSV | Added: 2017/12/09 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 7.8 | AI score: 8.1 | EPSS: 0.02285 | Exploits: 12

GHSA-Q759-HWVC-M3JG actionpack Cross-site Scripting vulnerability
Source: OSV | Added: 2017/10/24 6:33 p.m. | Views: 46
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVSS: 4.3 | AI score: 6.8 | EPSS: 0.0264 | Exploits: 1 | References: 16

GHSA-GPPP-5XC5-WFPX Active Record allows bypassing of database-query restrictions
Source: OSV | Added: 2017/10/24 6:33 p.m. | Views: 46
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
CVSS: 6.4 | AI score: 7.5 | EPSS: 0.05673 | Exploits: 1 | References: 12

GHSA-WPW7-WXJM-CW8R actionpack allows bypass of database-query restrictions
Source: OSV | Added: 2017/10/24 6:33 p.m. | Views: 46
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVSS: 6.4 | AI score: 7.6 | EPSS: 0.02371 | Exploits: 0 | References: 16

DSA-3966-1 ruby2.3 - security update
Source: OSV | Added: 2017/09/05 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 8.1 | EPSS: 0.29442 | Exploits: 8

DLA-1034-1 php5 - security update
Source: OSV | Added: 2017/07/21 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.1 | AI score: 7 | EPSS: 0.06846 | Exploits: 1

DLA-1007-1 icedove - security update
Source: OSV | Added: 2017/06/30 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.8 | EPSS: 0.05216 | Exploits: 11

DLA-993-1 linux - security update
Source: OSV | Added: 2017/06/20 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 6.8 | EPSS: 0.1081 | Exploits: 8

DLA-958-1 libonig - security update
Source: OSV | Added: 2017/05/28 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.9 | EPSS: 0.07511 | Exploits: 5

CVE-2017-9117
Source: OSV | Added: 2017/05/21 7:29 p.m. | Views: 46
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the...
CVSS: 9.8 | AI score: 4.4 | Exploits: 0 | References: 4

DSA-3842-1 tomcat7 - security update
Source: OSV | Added: 2017/05/03 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.1 | AI score: 8.6 | EPSS: 0.1684 | Exploits: 0

DLA-906-1 firefox-esr - security update
Source: OSV | Added: 2017/04/21 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.8 | EPSS: 0.18756 | Exploits: 19

DLA-896-1 icedove - security update
Source: OSV | Added: 2017/04/15 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 7.8 | EPSS: 0.33434 | Exploits: 23

CVE-2016-10158
Source: OSV | Added: 2017/01/24 9:59 p.m. | Views: 46
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1...
CVSS: 7.5 | AI score: 6.7 | Exploits: 0 | References: 11

DLA-731-1 imagemagick - security update
Source: OSV | Added: 2016/12/02 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.3 | EPSS: 0.13393 | Exploits: 11

DLA-711-1 curl - security update
Source: OSV | Added: 2016/11/17 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 9.8 | AI score: 7.9 | EPSS: 0.05915 | Exploits: 0

DLA-691-1 libxml2 - security update
Source: OSV | Added: 2016/10/31 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 7.4 | EPSS: 0.08628 | Exploits: 0

DLA-661-1 libarchive - security update
Source: OSV | Added: 2016/10/17 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 7.5 | AI score: 6.4 | EPSS: 0.05258 | Exploits: 0

DLA-634-1 dropbear - security update
Source: OSV | Added: 2016/09/23 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 10 | AI score: 9.3 | EPSS: 0.10494 | Exploits: 0

DSA-3660-1 chromium-browser - security update
Source: OSV | Added: 2016/09/05 12:00 a.m. | Views: 46
Bulletin has no description...
CVSS: 8.8 | AI score: 6.8 | EPSS: 0.04702 | Exploits: 0

Total number of security vulnerabilities: 5000