Lucene search
K
OsvMost viewed

909636 matches found

OSV
OSV
added 2022/08/09 5:5 p.m.47 views

GO-2022-0761 Improper input validation in net/http and net/http/cgi

An input validation flaw in the CGI components allows the HTTPPROXY environment variable to be set by the incoming Proxy header, which changes where Go by default proxies all outbound HTTP requests. This environment variable is also used to set the outgoing proxy, enabling an attacker to insert a...

8.1CVSS7.4AI score0.0522EPSS
Exploits0References4
OSV
OSV
added 2022/08/02 12:0 a.m.47 views

DSA-5198-1 jetty9 - security update

Bulletin has no description...

7.5CVSS5.9AI score0.0227EPSS
Exploits0
OSV
OSV
added 2022/07/27 4:15 a.m.47 views

CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrmexpandpolicies in net/xfrm/xfrmpolicy.c can cause a refcount to be dropped twice...

5.5CVSS5.2AI score
Exploits0References6
OSV
OSV
added 2022/07/11 9:0 p.m.47 views

GHSA-VWM6-QC77-V2RH KubeEdge Edge ServiceBus module DoS

Impact The ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will ...

6.5CVSS6.9AI score0.01335EPSS
Exploits1References6
OSV
OSV
added 2022/07/05 1:55 p.m.47 views

RLSA-2022:5498 Moderate: Satellite 6.11 Release

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buffer overflow in testcasere...

9.8CVSS8.8AI score0.49246EPSS
Exploits14References475
OSV
OSV
added 2022/07/03 12:0 a.m.47 views

DSA-5173-1 linux - security update

Bulletin has no description...

8.2CVSS7.9AI score0.06451EPSS
Exploits30
OSV
OSV
added 2022/07/02 12:0 a.m.47 views

CVE-2022-2286 Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0...

7.8CVSS7.9AI score0.013EPSS
Exploits1References8
OSV
OSV
added 2022/06/27 12:0 a.m.47 views

DLA-3060-1 blender - security update

Bulletin has no description...

7.8CVSS6.1AI score0.01135EPSS
Exploits0
OSV
OSV
added 2022/06/02 2:15 p.m.47 views

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

8.1CVSS1.5AI score0.03453EPSS
Exploits1References4
OSV
OSV
added 2022/06/01 7:50 p.m.47 views

GHSA-72P8-V4HG-V45P Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random: cs var rnd = new Random; privateKey = new byteMontgomeryCurve25519.PrivateKeySizeInBytes; rnd.NextBytesprivateKey; Source: KeyExchangeECCurve25519.cs Source commit:...

6.5CVSS5.9AI score0.01384EPSS
Exploits1References7
OSV
OSV
added 2022/05/27 6:28 p.m.47 views

ALSA-2022:4776 Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla:...

8.8CVSS9.1AI score0.26709EPSS
Exploits0References3
OSV
OSV
added 2022/05/26 4:15 p.m.47 views

CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfullcollate in NTFS-3G through 2021.8.22...

7.8CVSS3.5AI score
Exploits0References9
OSV
OSV
added 2022/05/24 8:17 p.m.47 views

GO-2022-0171 Mishandled trust preferences for root certificates on Darwin in crypto/x509

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

7.5CVSS7.5AI score0.01287EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 8:14 p.m.47 views

GO-2022-0213 Panic on invalid DSA public keys in crypto/dsa

Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server tha...

7.5CVSS7.3AI score0.04693EPSS
Exploits1References4
OSV
OSV
added 2022/05/24 4:59 p.m.47 views

GHSA-R34V-GQMW-QVGJ Podman Symlink Vulnerability

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a...

5.5CVSS5.5AI score0.0149EPSS
Exploits1References7
OSV
OSV
added 2022/05/14 1:9 a.m.47 views

GHSA-8JFM-RGMG-3WQ2 Apache Archiva vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in Apache Archiva prior to version 2.2.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnectorcommit.action...

4.8CVSS4.9AI score0.04797EPSS
Exploits3References8
OSV
OSV
added 2022/05/10 6:45 a.m.47 views

ALSA-2022:2013 Moderate: openssh security, bug fix, and enhancement update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are...

7CVSS7.5AI score0.02367EPSS
Exploits2References2
OSV
OSV
added 2022/05/10 6:24 a.m.47 views

RLSA-2022:1777 Moderate: webkit2gtk3 security, bug fix, and enhancement update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...

8.8CVSS9.3AI score0.16342EPSS
Exploits4References33
OSV
OSV
added 2022/05/08 12:0 a.m.47 views

CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim

NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input...

6.6CVSS6.9AI score0.01518EPSS
Exploits1References12
OSV
OSV
added 2022/04/20 12:24 p.m.47 views

RLSA-2022:1442 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPa...

7.5CVSS6.8AI score0.04046EPSS
Exploits0References6
OSV
OSV
added 2022/04/08 12:0 a.m.48 views

DSA-5116-1 wpewebkit - security update

Bulletin has no description...

8.8CVSS7.7AI score0.03668EPSS
Exploits0
OSV
OSV
added 2022/04/06 12:0 a.m.47 views

CVE-2022-1253 Heap-based Buffer Overflow in strukturag/libde265

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...

7.4CVSS7.7AI score0.0202EPSS
Exploits1References5
OSV
OSV
added 2022/03/16 12:0 a.m.47 views

GHSA-P9GQ-76FJ-4P4P Missing permission checks in Jenkins Release Helper Plugin

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.7AI score0.00714EPSS
Exploits0References4
OSV
OSV
added 2022/03/15 5:15 p.m.47 views

CVE-2022-0778

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

7.5CVSS0.4AI score
Exploits0References29
OSV
OSV
added 2022/03/15 1:0 a.m.47 views

CVE-2022-0944 Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

9.1CVSS8.2AI score0.08669EPSS
Exploits12References4
OSV
OSV
added 2022/03/10 2:43 p.m.47 views

ALSA-2022:0825 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2036888 Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: U...

9CVSS8.1AI score0.88106EPSS
Exploits119References8
OSV
OSV
added 2022/03/03 8:35 p.m.47 views

CVE-2022-24723 Improper Input Validation in URI.js

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS5.6AI score0.01995EPSS
Exploits1References6
OSV
OSV
added 2022/02/18 12:0 a.m.47 views

GHSA-73Q4-J324-2QCC Incorrect authorization in Drupal core

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References2
OSV
OSV
added 2022/01/24 12:0 a.m.47 views

DSA-5057-1 openjdk-11 - security update

Bulletin has no description...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
OSV
OSV
added 2022/01/13 3:44 a.m.47 views

GO-2021-0226 Cross-site scripting in net/http/cgi and net/http/fcgi

When a Handler does not explicitly set the Content-Type header, the the package would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the...

6.1CVSS6.2AI score0.03646EPSS
Exploits2References4
OSV
OSV
added 2021/12/11 12:0 a.m.47 views

DSA-5020-1 apache-log4j2 - security update

Bulletin has no description...

10CVSS10AI score0.99999EPSS
Exploits351
OSV
OSV
added 2021/11/23 12:15 a.m.47 views

PYSEC-2021-861

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS4.4AI score0.00398EPSS
Exploits0References6
OSV
OSV
added 2021/10/20 12:41 p.m.47 views

ALSA-2021:3891 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...

7.1CVSS6.5AI score0.14839EPSS
Exploits0References10
OSV
OSV
added 2021/10/12 12:0 a.m.47 views

DLA-2785-1 linux-4.19 - security update

Bulletin has no description...

8.8CVSS7.7AI score0.01476EPSS
Exploits15
OSV
OSV
added 2021/10/08 12:0 p.m.47 views

RUSTSEC-2021-0121 Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

9.8CVSS9.4AI score0.00753EPSS
Exploits0References3
OSV
OSV
added 2021/09/27 6:15 a.m.47 views

PYSEC-2021-354

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients...

7.5CVSS3.6AI score0.02448EPSS
Exploits6References3
OSV
OSV
added 2021/08/23 7:41 p.m.47 views

GHSA-23R4-5MXP-C7G5 parse-server new anonymous user session acts as if it's created with password

Impact Developers that use the REST API to signup users and also allow users to login anonymously. When an anonymous user is first signed up using REST, the server creates session incorrectly, particularly the authProvider field in Session class under createdWith shows the user logged in creating...

4.8CVSS6.4AI score0.00993EPSS
Exploits0References5
OSV
OSV
added 2021/08/02 5:25 p.m.47 views

GHSA-88CW-3M6X-49F7 Out-of-bounds Write in ChakraCore

Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048...

7.5CVSS5.5AI score0.01913EPSS
Exploits0References4
OSV
OSV
added 2021/07/28 6:8 p.m.47 views

GO-2021-0110 Token reuse in github.com/ory/fosite

Uniqueness of JWT IDs jti are not checked, allowing the JWT to be replayed...

8.1CVSS8AI score0.00867EPSS
Exploits1References1
OSV
OSV
added 2021/06/30 12:38 a.m.47 views

UVI-2021-1001082 x86/fpu: Prevent state corruption in __fpu__restore_sig()

x86/fpu: Prevent state corruption in fpurestoresig This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

7.4AI score
Exploits0
OSV
OSV
added 2021/06/29 1:42 p.m.47 views

RLSA-2021:2570 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in net/bluetooth/hcievent.c when destroying an hcichan CVE-2021-33034 kernel: security bypass in certs/blacklist.c and certs/systemkeyring.c CVE-2020-26541 For more details...

7.8CVSS7.6AI score0.00819EPSS
Exploits2References3
OSV
OSV
added 2021/06/22 12:0 a.m.47 views

DLA-2690-1 linux-4.19 - security update

Bulletin has no description...

7.8CVSS8AI score0.07604EPSS
Exploits13
OSV
OSV
added 2021/06/21 5:18 p.m.47 views

GHSA-33RV-M2GP-MM2R Prototype pollution in safe-flat

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS9.6AI score0.03337EPSS
Exploits1References3
OSV
OSV
added 2021/04/14 8:4 p.m.47 views

GO-2020-0048 Denial of service in github.com/antchfx/xmlquery

LoadURL does not check the Content-Type of loaded resources, which can cause a panic due to nil pointer deference if the loaded resource is not XML. If user supplied URLs are loaded, this may be used as a denial of service vector...

9.8CVSS9.1AI score0.01936EPSS
Exploits1References2
OSV
OSV
added 2021/04/14 3:3 p.m.47 views

GHSA-4C7M-WXVM-R7GC Improper parsing of octal bytes in netmask

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

9.1CVSS7.1AI score0.16356EPSS
Exploits1References9
OSV
OSV
added 2021/04/06 12:0 a.m.47 views

DSA-4886-1 chromium - security update

Bulletin has no description...

8.8CVSS7.5AI score0.26525EPSS
Exploits27
OSV
OSV
added 2021/03/30 12:0 a.m.47 views

DSA-4881-1 curl - security update

Bulletin has no description...

7.8CVSS6.7AI score0.09917EPSS
Exploits7
OSV
OSV
added 2021/02/27 12:0 a.m.47 views

DSA-4865-1 docker.io - security update

Bulletin has no description...

6.8CVSS6.4AI score0.03287EPSS
Exploits5
OSV
OSV
added 2021/02/02 12:0 a.m.47 views

DLA-2539-1 firefox-esr - security update

Bulletin has no description...

8.8CVSS6.9AI score0.01556EPSS
Exploits0
OSV
OSV
added 2020/12/08 12:0 a.m.47 views

DSA-4807-1 openssl - security update

Bulletin has no description...

5.9CVSS6AI score0.06968EPSS
Exploits3
Total number of security vulnerabilities5000