Lucene search
K
OsvMost viewed

908476 matches found

OSV
OSV
added 2023/08/10 12:0 a.m.46 views

DLA-3524-1 linux - security update

Bulletin has no description...

6.5CVSS7.7AI score0.03882EPSS
Exploits1
OSV
OSV
added 2023/07/31 12:0 a.m.46 views

DLA-3512-1 linux-5.10 - security update

Bulletin has no description...

7.8CVSS7.2AI score0.06127EPSS
Exploits3
OSV
OSV
added 2023/07/20 3:15 p.m.46 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5.3CVSS7AI score0.62606EPSS
Exploits0References11
OSV
OSV
added 2023/07/06 12:0 a.m.46 views

DLA-3481-1 libusrsctp - security update

Bulletin has no description...

6.5CVSS8.2AI score0.03155EPSS
Exploits1
OSV
OSV
added 2023/06/29 12:0 a.m.46 views

ALSA-2023:3922 Critical: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang: cmd/go: go command may execute arbitrary code at build time when...

9.8CVSS9.3AI score0.01837EPSS
Exploits0References10
OSV
OSV
added 2023/06/01 12:0 a.m.46 views

ASB-A-242704576

In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.7CVSS4.8AI score0.00064EPSS
Exploits0References2
OSV
OSV
added 2023/05/25 7:53 p.m.46 views

RLSA-2023:2652 Important: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...

9.8CVSS7AI score0.0183EPSS
Exploits0References6
OSV
OSV
added 2023/05/23 7:54 p.m.46 views

GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

8.6CVSS7.9AI score0.99999EPSS
Exploits15References11
OSV
OSV
added 2023/05/22 7:49 p.m.46 views

GHSA-M6M8-6GQ8-C9FJ Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally...

9.8CVSS9.7AI score0.01116EPSS
Exploits0References6
OSV
OSV
added 2023/05/15 8:58 p.m.47 views

CVE-2023-31145 Reflected XSS vulnerability in CollaboraOnline

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

4.3CVSS5.9AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2023/05/15 7:45 p.m.46 views

CVE-2023-32313 Inspect method manipulation in vm2

vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...

5.3CVSS5.8AI score0.0079EPSS
Exploits0References6
OSV
OSV
added 2023/05/10 3:30 p.m.46 views

GHSA-P58X-7733-VP9M n8n Directory Traversal vulnerability

The n8n package prior to version 0.216.1 for Node.js allows Directory Traversal...

6.5CVSS6.4AI score0.02316EPSS
Exploits1References9
OSV
OSV
added 2023/05/03 12:0 a.m.46 views

DSA-5397-1 wpewebkit - security update

Bulletin has no description...

8.8CVSS7.6AI score0.27076EPSS
Exploits1
OSV
OSV
added 2023/04/16 12:0 a.m.46 views

DSA-5390-1 chromium - security update

Bulletin has no description...

8.8CVSS8.9AI score0.40798EPSS
Exploits1
OSV
OSV
added 2023/04/12 12:0 a.m.46 views

ALSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...

8.6CVSS8.1AI score0.24928EPSS
Exploits4References16
OSV
OSV
added 2023/04/11 12:0 a.m.46 views

ALSA-2023:1691 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: FUSE filesystem low-privileged user privileges escalation CVE-2023-0386 For more details about the security issues, including the...

7.8CVSS8.2AI score0.0788EPSS
Exploits14References4
OSV
OSV
added 2023/04/05 9:4 p.m.46 views

GO-2023-1704 Excessive memory allocation in net/http and net/textproto

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS8.5AI score0.01888EPSS
Exploits0References3
OSV
OSV
added 2023/04/04 9:11 p.m.46 views

GHSA-6WRF-MXFJ-PF5P Docker Swarm encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

6.8CVSS7.8AI score0.02733EPSS
Exploits2References7
OSV
OSV
added 2023/04/04 12:0 a.m.46 views

ALSA-2023:1584 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF...

7.9CVSS7.6AI score0.0788EPSS
Exploits14References10
OSV
OSV
added 2023/03/31 8:15 p.m.46 views

CVE-2023-27163

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

6.5CVSS6.5AI score
Exploits0References6
OSV
OSV
added 2023/03/29 4:47 p.m.46 views

RLSA-2023:0946 Important: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: read buffer overflow in...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References20
OSV
OSV
added 2023/03/27 12:0 a.m.46 views

ALSA-2023:1469 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-026...

7.9CVSS7.5AI score0.03702EPSS
Exploits0References8
OSV
OSV
added 2023/03/23 9:30 p.m.46 views

GHSA-72W2-J52C-7682 Moodle SQL Injection vulnerability

Insufficient validation of profile field availability condition resulted in an SQL injection risk by default only available to teachers and managers...

8.8CVSS8.9AI score0.01195EPSS
Exploits0References8
OSV
OSV
added 2023/03/22 6:36 p.m.46 views

GHSA-42C3-WVWW-GCQJ Pimcore Remote Code Execution vulnerability in Search function

Impact Attacker can get full DB and maybe RCE knowing the WEBROOT path Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds Apply patch...

6.5CVSS7.4AI score0.65115EPSS
Exploits1References6
OSV
OSV
added 2023/03/17 2:43 p.m.46 views

GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

6CVSS6AI score0.00407EPSS
Exploits0References5
OSV
OSV
added 2023/03/10 9:15 p.m.46 views

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

7.5CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2023/02/28 10:21 p.m.46 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

7.7CVSS6.5AI score0.00604EPSS
Exploits0References4
OSV
OSV
added 2023/02/27 12:0 a.m.46 views

DSA-5365-1 curl - security update

Bulletin has no description...

6.5CVSS7.4AI score0.01703EPSS
Exploits1
OSV
OSV
added 2023/02/21 12:0 a.m.46 views

ALSA-2023:0838 Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and...

8.1CVSS7.2AI score0.02559EPSS
Exploits0References4
OSV
OSV
added 2023/02/14 7:34 p.m.46 views

GO-2023-1557 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs

Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus "fanout" parameter in the HAMT directory nodes. A workaround is to not feed untrusted user data to th...

7.5CVSS6.2AI score0.00675EPSS
Exploits0References2
OSV
OSV
added 2023/02/08 9:33 p.m.46 views

GHSA-R4F8-F93X-5QH3 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

8.8CVSS7AI score0.00831EPSS
Exploits1References10
OSV
OSV
added 2023/02/01 11:19 p.m.46 views

GO-2023-1295 SQL injection in github.com/square/squalor

There is a potential for SQL injection in the table name parameter...

9.8CVSS9.8AI score0.00681EPSS
Exploits0References2
OSV
OSV
added 2023/01/29 12:0 a.m.46 views

DSA-5332-1 git - security update

Bulletin has no description...

9.8CVSS7.4AI score0.56334EPSS
Exploits1
OSV
OSV
added 2023/01/26 9:30 p.m.46 views

GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

9.8CVSS9.1AI score0.02712EPSS
Exploits1References4
OSV
OSV
added 2023/01/26 7:51 p.m.46 views

GHSA-R3C9-9J5Q-PWV4 magento-lts Reset Password not protected against well-timed CSRF

Impact Password reset form is vulnerable to CSRF between time reset password link is clicked and user submits new password. Patches PR forthcoming Workarounds None...

4.3CVSS4.5AI score0.00383EPSS
Exploits1References7
OSV
OSV
added 2023/01/26 12:0 a.m.46 views

DLA-3282-1 git - security update

Bulletin has no description...

9.8CVSS9.9AI score0.56334EPSS
Exploits0
OSV
OSV
added 2023/01/25 7:38 p.m.46 views

GHSA-C45C-39F6-6GW9 Rancher generated tokens not revoked after modifications made to authentication provider

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It only affects Rancher setups that have an external authentication provider configured or had one configured in the past. It was discovered that when an external...

8.8CVSS7.1AI score
Exploits0References2
OSV
OSV
added 2023/01/23 2:30 p.m.46 views

RLSA-2023:0339 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

5.9CVSS7.4AI score0.19193EPSS
Exploits2References2
OSV
OSV
added 2023/01/23 12:0 a.m.46 views

ALSA-2023:0304 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS7.7AI score0.04354EPSS
Exploits0References10
OSV
OSV
added 2023/01/18 6:23 p.m.46 views

GHSA-J6GC-792M-QGM2 ReDoS based DoS vulnerability in Active Support's underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...

7.5CVSS7.5AI score0.01712EPSS
Exploits0References9
OSV
OSV
added 2023/01/10 10:28 p.m.46 views

GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted

If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...

3.5CVSS3.6AI score0.00555EPSS
Exploits0References5
OSV
OSV
added 2022/12/15 7:15 p.m.46 views

PYSEC-2022-43060

The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...

5.9CVSS5.5AI score0.01021EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 9:30 p.m.46 views

GHSA-XRJJ-MJ9H-534M golang.org/x/net/http2 vulnerable to possible excessive memory growth

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References25
OSV
OSV
added 2022/12/07 11:5 p.m.46 views

GHSA-43FP-RHV2-5GV8 Certifi removing TrustCor root certificate

Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a...

6.8CVSS7AI score0.00535EPSS
Exploits0References7
OSV
OSV
added 2022/11/15 6:22 a.m.46 views

RLSA-2022:8353 Moderate: python3.9 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

7.6CVSS7.6AI score0.07017EPSS
Exploits1References6
OSV
OSV
added 2022/11/15 12:0 a.m.46 views

ALSA-2022:7967 Moderate: qemu-kvm security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm 7.0.0...

8.2CVSS7.8AI score0.0053EPSS
Exploits4References10
OSV
OSV
added 2022/11/08 6:25 a.m.46 views

RLSA-2022:7647 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

8.1CVSS8.8AI score0.90407EPSS
Exploits2References11
OSV
OSV
added 2022/11/08 12:0 a.m.46 views

ALSA-2022:7811 Important: mingw-expat security update

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packages have been upgraded to a later upstream version: mingw-expat 2.4.8. BZ2057023, BZ2057037, BZ2057127 Security Fixes: expat: Malformed 2- and 3-byte UTF-8...

9.8CVSS9.3AI score0.34174EPSS
Exploits1References14
OSV
OSV
added 2022/11/02 12:15 p.m.46 views

PYSEC-2022-42970

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...

6.1CVSS4.7AI score0.01435EPSS
Exploits0References6
OSV
OSV
added 2022/11/02 12:0 a.m.46 views

DSA-5269-1 pypy3 - security update

Bulletin has no description...

9.8CVSS8.9AI score0.05193EPSS
Exploits1
Total number of security vulnerabilities5000