OSV search results, sorted by most viewed

907431 matches found

OSV, added 2023/10/19 12:00 a.m., 45 views

DLA-3623-1 linux-5.10 - security update

Bulletin has no description...

CVSS 7.8, AI score 7.7, EPSS 0.16642, Exploits 17

OSV, added 2023/10/11 12:00 a.m., 45 views

DLA-3614-1 python3.7 - security update

Bulletin has no description...

CVSS 9.8, AI score 6.9, EPSS 0.04268, Exploits 6

OSV, added 2023/10/10 6:15 p.m., 45 views

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

CVSS 5.3, AI score 7.5, Exploits 0, References 6

OSV, added 2023/09/25 4:15 p.m., 45 views

CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...

CVSS 7.5, AI score 5.8, EPSS 0.01338, Exploits 0, References 9

OSV, added 2023/09/12 12:00 a.m., 45 views

ALSA-2023:5061 Moderate: dmidecode security update

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface (EFI), depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version...

CVSS 7.1, AI score 7.1, EPSS 0.00523, Exploits 1, References 4

OSV, added 2023/08/31 4:54 p.m., 45 views

RLSA-2023:3847 Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466). For more details about the security issues, including the impact, a CVSS score...

CVSS 7, AI score 7.5, EPSS 0.0027, Exploits 0, References 2

OSV, added 2023/08/22 7:16 p.m., 45 views

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

CVSS 9.8, AI score 7.1, Exploits 0, References 7

OSV, added 2023/08/10 12:00 a.m., 45 views

DLA-3524-1 linux - security update

Bulletin has no description...

CVSS 6.5, AI score 7.7, EPSS 0.03882, Exploits 1

OSV, added 2023/08/01 12:00 a.m., 45 views

ASB-A-283006437

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

CVSS 7.8, AI score 7.8, EPSS 0.00082, Exploits 0, References 3

OSV, added 2023/08/01 12:00 a.m., 45 views

ALSA-2023:4378 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090); kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt...

CVSS 7.8, AI score 7.1, EPSS 0.01377, Exploits 6, References 12

OSV, added 2023/07/31 12:00 a.m., 45 views

DLA-3512-1 linux-5.10 - security update

Bulletin has no description...

CVSS 7.8, AI score 7.2, EPSS 0.06127, Exploits 3

OSV, added 2023/07/19 12:00 a.m., 45 views

DLA-3500-1 python-django - security update

Bulletin has no description...

CVSS 7.5, AI score 7.6, EPSS 0.02669, Exploits 0

OSV, added 2023/07/18 12:00 a.m., 45 views

ALSA-2023:4202 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-32435); webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2023-32439). For more details about th...

CVSS 8.8, AI score 9.4, EPSS 0.23788, Exploits 1, References 6

OSV, added 2023/07/16 12:00 a.m., 45 views

DSA-5453-1 linux - security update

Bulletin has no description...

CVSS 7.8, AI score 8, EPSS 0.06127, Exploits 2

OSV, added 2023/06/29 12:00 a.m., 45 views

ALSA-2023:3922 Critical: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402); golang: cmd/go: go command may execute arbitrary code at build time when...

CVSS 9.8, AI score 9.3, EPSS 0.01837, Exploits 0, References 10

OSV, added 2023/06/27 12:00 a.m., 45 views

ALSA-2023:3840 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 5.5, AI score 7.5, EPSS 0.00347, Exploits 1, References 4

OSV, added 2023/06/22 10:39 p.m., 45 views

CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

CVSS 5.3, AI score 6.6, EPSS 0.01395, Exploits 1, References 13

OSV, added 2023/05/09 12:00 a.m., 45 views

ALSA-2023:2458 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896); net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461); cpu: AMD CPUs may transiently execu...

CVSS 8.8, AI score 8.9, EPSS 0.03763, Exploits 13, References 82

OSV, added 2023/05/03 12:00 a.m., 45 views

DSA-5397-1 wpewebkit - security update

Bulletin has no description...

CVSS 8.8, AI score 7.6, EPSS 0.27076, Exploits 1

OSV, added 2023/04/24 6:30 p.m., 45 views

GHSA-5CX2-VQ3H-X52C Apache superset missing check for default SECRET_KEY

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

CVSS 8.9, AI score 9.2, EPSS 0.97405, Exploits 20, References 9

OSV, added 2023/04/16 12:00 a.m., 45 views

DSA-5390-1 chromium - security update

Bulletin has no description...

CVSS 8.8, AI score 8.9, EPSS 0.40798, Exploits 1

OSV, added 2023/04/12 12:00 a.m., 45 views

ALSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...

CVSS 8.6, AI score 8.1, EPSS 0.24928, Exploits 4, References 16

OSV, added 2023/04/05 9:04 p.m., 45 views

GO-2023-1704 Excessive memory allocation in net/http and net/textproto

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

CVSS 7.5, AI score 8.5, EPSS 0.01888, Exploits 0, References 3

OSV, added 2023/03/22 6:36 p.m., 45 views

GHSA-42C3-WVWW-GCQJ Pimcore Remote Code Execution vulnerability in Search function

Impact: Attacker can get full DB and maybe RCE knowing the WEBROOT path. Patches: Update to version 10.5.19 or apply this patch manually: https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch. Workarounds: Apply patch...

CVSS 6.5, AI score 7.4, EPSS 0.65115, Exploits 1, References 6

OSV, added 2023/03/22 5:15 p.m., 45 views

CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

CVSS 7.5, AI score 7.6, Exploits 0, References 11

OSV, added 2023/02/28 10:21 p.m., 45 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7, AI score 6.5, EPSS 0.00604, Exploits 0, References 4

OSV, added 2023/02/23 8:15 p.m., 45 views

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

CVSS 7.5, AI score 2.8, Exploits 0, References 2

OSV, added 2023/02/21 12:00 a.m., 45 views

ALSA-2023:0848 Moderate: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0 (BZ#2161666). Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454); php: standard insecure cookie...

CVSS 9.8, AI score 8.8, EPSS 0.49336, Exploits 6, References 12

OSV, added 2023/02/21 12:00 a.m., 45 views

ALSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...

CVSS 9, AI score 7.8, EPSS 0.57941, Exploits 0, References 8

OSV, added 2023/02/14 10:00 p.m., 45 views

GHSA-824J-WQM8-89MJ .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

CVSS 7.8, AI score 8, EPSS 0.01148, Exploits 0, References 4

OSV, added 2023/02/08 9:33 p.m., 45 views

GHSA-R4F8-F93X-5QH3 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C (8.2). Problem: TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

CVSS 8.8, AI score 7, EPSS 0.00831, Exploits 1, References 10

OSV, added 2023/02/08 12:00 a.m., 45 views

DSA-5345-1 chromium - security update

Bulletin has no description...

CVSS 8.8, AI score 7.6, EPSS 0.00883, Exploits 0

OSV, added 2023/01/31 12:00 a.m., 45 views

DLA-3298-1 ruby-rack - security update

Bulletin has no description...

CVSS 8.6, AI score 6.7, EPSS 0.03593, Exploits 1

OSV, added 2023/01/27 12:00 a.m., 45 views

DSA-5330-1 curl - security update

Bulletin has no description...

CVSS 9.8, AI score 7.8, EPSS 0.04325, Exploits 2

OSV, added 2023/01/26 12:00 a.m., 45 views

DLA-3282-1 git - security update

Bulletin has no description...

CVSS 9.8, AI score 9.9, EPSS 0.56334, Exploits 0

OSV, added 2023/01/23 2:30 p.m., 45 views

RLSA-2023:0339 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

CVSS 5.9, AI score 7.4, EPSS 0.19193, Exploits 2, References 2

OSV, added 2023/01/23 12:00 a.m., 45 views

ALSA-2023:0328 Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputi...

CVSS 7.5, AI score 7.2, EPSS 0.01544, Exploits 1, References 8

OSV, added 2023/01/14 1:15 a.m., 45 views

CVE-2023-22853

Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...

CVSS 8.8, AI score 7.3, Exploits 0, References 2

OSV, added 2023/01/12 12:00 a.m., 45 views

ALSA-2023:0101 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: memory corruption in AX88179_178A based USB ethernet device (CVE-2022-2964); kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139). For more details about the...

CVSS 7.8, AI score 7.8, EPSS 0.00294, Exploits 0, References 6

OSV, added 2023/01/04 12:00 a.m., 45 views

ALSA-2023:0021 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.8, AI score 9.2, EPSS 0.08523, Exploits 0, References 4

OSV, added 2022/12/28 6:27 a.m., 45 views

CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

CVSS 7.2, AI score 6.5, EPSS 0.00724, Exploits 0, References 5

OSV, added 2022/12/12 12:00 a.m., 45 views

CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

CVSS 5.3, AI score 7.3, EPSS 0.01466, Exploits 1, References 6

OSV, added 2022/12/07 11:05 p.m., 45 views

GHSA-43FP-RHV2-5GV8 Certifi removing TrustCor root certificate

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a...

CVSS 6.8, AI score 7, EPSS 0.00535, Exploits 0, References 7

OSV, added 2022/12/07 6:45 p.m., 45 views

GO-2022-1113 Server-side request forgery in github.com/oam-dev/kubevela

When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability...

CVSS 6.5, AI score 5.6, EPSS 0.00376, Exploits 0, References 2

OSV, added 2022/12/07 12:00 a.m., 45 views

DLA-3228-1 node-json-schema - security update

Bulletin has no description...

CVSS 9.8, AI score 8.9, EPSS 0.03563, Exploits 1

OSV, added 2022/12/05 5:58 p.m., 45 views

GHSA-QQFF-4VW4-F6HX Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list

The Cap'n Proto library and capnp Rust package are vulnerable to out-of-bounds read due to logic error handling list-of-list. If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the...

CVSS 5.4, AI score 5.2, EPSS 0.00852, Exploits 0, References 11

OSV, added 2022/11/22 2:15 a.m., 45 views

CVE-2022-36227

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...

CVSS 9.8, AI score 3.1, Exploits 0, References 7

OSV, added 2022/11/17 12:00 a.m., 45 views

DSA-5283-1 jackson-databind - security update

Bulletin has no description...

CVSS 7.5, AI score 7.6, EPSS 0.0486, Exploits 4

OSV, added 2022/11/15 12:00 a.m., 45 views

ALSA-2022:8418 Low: mingw-glib2 security and bug fix update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: g_file_replace with...

CVSS 5.3, AI score 6.8, EPSS 0.02622, Exploits 1, References 4

OSV, added 2022/11/11 12:03 a.m., 45 views

GHSA-VP35-85Q5-9F25 Container build can leak any path on the host into the container

Description: Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build...

AI score 7.5, Exploits 0, References 5

Total number of security vulnerabilities: 5000