Lucene search
K
OsvMost viewed

907426 matches found

OSV
OSV
•added 2022/10/19 9:13 p.m.•45 views

RLSA-2022:7006 Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 OpenJDK: HttpServer no connection count limit...

5.3CVSS5.9AI score0.02376EPSS
Exploits0References5
OSV
OSV
•added 2022/10/13 11:15 p.m.•45 views

CVE-2022-42719

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers able to inject WLAN frames to crash the kernel and potentially execute code...

8.8CVSS6.1AI score
Exploits0References11
OSV
OSV
•added 2022/09/29 5:25 p.m.•45 views

GO-2022-1026 Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

7.5CVSS7.4AI score0.00242EPSS
Exploits0References1
OSV
OSV
•added 2022/09/23 2:15 p.m.•45 views

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS2.2AI score0.01788EPSS
Exploits1References8
OSV
OSV
•added 2022/09/14 11:15 a.m.•45 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...

8.1CVSS1.9AI score
Exploits0References12
OSV
OSV
•added 2022/09/13 12:0 a.m.•45 views

ALSA-2022:6460 Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS CVE-2022-21125 Incomplete cleanup in specific special regist...

5.5CVSS7.4AI score0.06451EPSS
Exploits0References8
OSV
OSV
•added 2022/09/13 12:0 a.m.•45 views

DLA-3107-1 sqlite3 - security update

Bulletin has no description...

9.8CVSS8.1AI score0.01067EPSS
Exploits0
OSV
OSV
•added 2022/09/02 9:12 p.m.•45 views

GO-2022-0965 Unbounded recursion in JSON parsing in k8s.io/apimachinery

Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics...

7.5CVSS7.5AI score0.25939EPSS
Exploits2References3
OSV
OSV
•added 2022/09/02 5:15 a.m.•45 views

CVE-2022-39189

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...

7.8CVSS7.3AI score
Exploits0References7
OSV
OSV
•added 2022/08/07 12:0 a.m.•45 views

DSA-5201-1 chromium - security update

Bulletin has no description...

8.8CVSS7AI score0.00799EPSS
Exploits6
OSV
OSV
•added 2022/08/04 9:30 p.m.•45 views

GO-2022-0189 Remote command execution via "go get" with "-u" flag in cmd/go

The "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode the distinction is documented a...

8.1CVSS8.1AI score0.66252EPSS
Exploits0References4
OSV
OSV
•added 2022/08/01 12:0 a.m.•45 views

ASB-A-219498290

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00093EPSS
Exploits0References3
OSV
OSV
•added 2022/07/03 12:0 a.m.•45 views

DSA-5173-1 linux - security update

Bulletin has no description...

8.2CVSS7.9AI score0.06451EPSS
Exploits21
OSV
OSV
•added 2022/07/02 12:0 a.m.•45 views

CVE-2022-2286 Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0...

7.8CVSS7.9AI score0.013EPSS
Exploits1References8
OSV
OSV
•added 2022/07/01 8:10 p.m.•45 views

GO-2022-0400 Race condition in github.com/ntbosscher/gobase

A race condition can cause incorrect HTTP request routing...

3.7CVSS4AI score0.00348EPSS
Exploits0References1
OSV
OSV
•added 2022/06/03 12:0 a.m.•45 views

DLA-3040-1 firefox-esr - security update

Bulletin has no description...

9.8CVSS8.2AI score0.01055EPSS
Exploits0
OSV
OSV
•added 2022/06/01 12:0 a.m.•45 views

ASB-A-151095871

Bulletin has no description...

7.1AI score
Exploits0
OSV
OSV
•added 2022/05/26 5:15 p.m.•45 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

8.1CVSS2AI score0.01914EPSS
Exploits1References5
OSV
OSV
•added 2022/05/24 7:2 p.m.•45 views

GHSA-286V-PCF5-25RC Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS7.1AI score0.03503EPSS
Exploits0References14
OSV
OSV
•added 2022/05/23 10:15 p.m.•45 views

GO-2021-0319 Incorrect computation for some invalid field elements in crypto/elliptic

Some big.Int values that are not valid field elements negative or overflowing might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values...

9.1CVSS9.3AI score0.03015EPSS
Exploits0References4
OSV
OSV
•added 2022/05/18 6:23 p.m.•45 views

GO-2022-0289 Misdirected I/O in syscall

When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec including indirectly by using the os/exec package, syscall.ForkExec can close file descriptor 0 as it fails. If this happens or can be provoked repeatedly, it can result in misdirected I/O such as...

5.8CVSS6.6AI score0.01857EPSS
Exploits0References6
OSV
OSV
•added 2022/05/17 12:0 a.m.•45 views

DSA-5139-1 openssl - security update

Bulletin has no description...

10CVSS9.1AI score0.83223EPSS
Exploits5
OSV
OSV
•added 2022/05/14 1:33 a.m.•45 views

GHSA-9X97-X2P9-HVPF Fileutils Command Injection vulnerability

Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in user supplied url variable that is passed to the shell...

8.8CVSS8.9AI score0.03327EPSS
Exploits1References7
OSV
OSV
•added 2022/05/13 1:30 a.m.•45 views

GHSA-CV3F-PX9R-54HM Phusion Passenger information disclosure

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...

4.7CVSS4.8AI score0.00358EPSS
Exploits0References7
OSV
OSV
•added 2022/05/11 1:22 p.m.•45 views

RLSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

7.5CVSS7.5AI score0.04935EPSS
Exploits0References4
OSV
OSV
•added 2022/05/10 6:45 a.m.•45 views

RLSA-2022:2013 Moderate: openssh security, bug fix, and enhancement update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are...

7CVSS7.5AI score0.02367EPSS
Exploits2References3
OSV
OSV
•added 2022/05/09 12:0 p.m.•45 views

RUSTSEC-2022-0018 Timing attack

Affecting versions did not compare tokens in constant time, which could make it possible for an attacker to guess the 2fa token of a user. This has been fixed by using using the crate constanttimeeq for comparison...

4.2CVSS4.3AI score0.00789EPSS
Exploits0References3
OSV
OSV
•added 2022/05/09 12:0 a.m.•45 views

DSA-5133-1 qemu - security update

Bulletin has no description...

8.2CVSS6.7AI score0.02701EPSS
Exploits2
OSV
OSV
•added 2022/05/03 4:15 p.m.•45 views

CVE-2022-1292

The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

7.3CVSS2.7AI score0.83223EPSS
Exploits5References15
OSV
OSV
•added 2022/04/27 12:0 a.m.•45 views

DSA-5125-1 chromium - security update

Bulletin has no description...

9.6CVSS7AI score0.0105EPSS
Exploits25
OSV
OSV
•added 2022/04/19 4:17 p.m.•45 views

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

7.5CVSS7.5AI score
Exploits0References6
OSV
OSV
•added 2022/04/10 12:0 a.m.•45 views

DLA-2977-1 xz-utils - security update

Bulletin has no description...

8.8CVSS8.5AI score0.04271EPSS
Exploits0
OSV
OSV
•added 2022/04/08 12:0 a.m.•45 views

DSA-5115-1 webkit2gtk - security update

Bulletin has no description...

8.8CVSS7.7AI score0.03518EPSS
Exploits0
OSV
OSV
•added 2022/04/08 12:0 a.m.•46 views

DSA-5116-1 wpewebkit - security update

Bulletin has no description...

8.8CVSS7.7AI score0.03518EPSS
Exploits0
OSV
OSV
•added 2022/04/05 1:15 p.m.•45 views

CVE-2022-26359

IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...

7.8CVSS6.5AI score
Exploits0References7
OSV
OSV
•added 2022/04/04 9:29 p.m.•45 views

GHSA-C2JG-HW38-JRQQ Inconsistent Interpretation of HTTP Requests in twisted.web

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230: 1. The Content-Length header value could have a + or - prefix. 2. Illegal characters were permitted in chunked extensions, such as the LF \n...

9.2CVSS8.3AI score0.028EPSS
Exploits0References12
OSV
OSV
•added 2022/04/04 12:0 a.m.•45 views

DLA-2970-1 qemu - security update

Bulletin has no description...

7.5CVSS6.5AI score0.00522EPSS
Exploits1
OSV
OSV
•added 2022/04/02 12:0 a.m.•45 views

DLA-2968-1 zlib - security update

Bulletin has no description...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
OSV
OSV
•added 2022/03/14 11:15 a.m.•45 views

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

7.5CVSS1.1AI score
Exploits0References15
OSV
OSV
•added 2022/03/11 7:15 a.m.•45 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

7.5CVSS6.7AI score
Exploits0References7
OSV
OSV
•added 2022/03/01 10:9 p.m.•45 views

GHSA-7F63-H6G3-7CWM Cross Site Scripting (XSS) in @finastra/ssr-pages

A cross site scripting XSS issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. References - https://github.com/Finastra/ssr-pages/pull/2 -...

6.1CVSS6AI score0.00852EPSS
Exploits0References6
OSV
OSV
•added 2022/02/17 5:33 p.m.•45 views

GO-2021-0240 Panic when reading certain archives in archive/zip

NewReader and OpenReader can cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...

7.5CVSS7.7AI score0.03464EPSS
Exploits1References4
OSV
OSV
•added 2022/02/16 9:15 p.m.•45 views

CVE-2021-43299

Stack overflow in PJSUA API when calling pjsuaplayercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...

9.8CVSS3.6AI score
Exploits0References6
OSV
OSV
•added 2022/02/09 10:16 p.m.•45 views

GHSA-878W-7GXP-MC63 SQL Injection in Spring Cloud Task

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer...

6CVSS6.3AI score0.00514EPSS
Exploits0References2
OSV
OSV
•added 2022/02/09 12:56 a.m.•45 views

GHSA-C597-F74M-JGC2 Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle MITM attack...

5.9CVSS6.5AI score0.00905EPSS
Exploits0References3
OSV
OSV
•added 2022/01/25 12:0 a.m.•45 views

DLA-2898-1 nss - security update

Bulletin has no description...

6.5CVSS8.2AI score0.0063EPSS
Exploits0
OSV
OSV
•added 2022/01/25 12:0 a.m.•45 views

DSA-5058-1 openjdk-17 - security update

Bulletin has no description...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
OSV
OSV
•added 2022/01/13 12:0 a.m.•45 views

DSA-5044-1 firefox-esr - security update

Bulletin has no description...

10CVSS7.5AI score0.0134EPSS
Exploits6
OSV
OSV
•added 2021/12/20 8:15 a.m.•45 views

CVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...

9.8CVSS1.4AI score
Exploits0References8
OSV
OSV
•added 2021/12/14 7:15 p.m.•45 views

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS8.2AI score0.99999EPSS
Exploits351References22
Total number of security vulnerabilities5000