
905908 matches found

OSV
•added 2024/08/02 7:18 a.m.•145 views

BIT-ELASTICSEARCH-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...

CVSS 7.5 • AI score 6 • EPSS 0.00206
Exploits 0 • References 3
OSV
•added 2024/05/29 7:29 a.m.•145 views

BIT-GITLAB-2023-7045 Cross-Site Request Forgery (CSRF) in GitLab

A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...

CVSS 6.1 • AI score 5.8 • EPSS 0.00286
Exploits 1 • References 3
OSV
•added 2024/03/06 10:50 a.m.•145 views

BIT-APACHE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 • AI score 7.5 • EPSS 0.70595
Exploits 0 • References 3
OSV
•added 2023/10/22 6:15 p.m.•145 views

CVE-2023-46303

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5 • AI score 7.1
Exploits 0 • References 3
OSV
•added 2022/09/12 8:23 p.m.•145 views

GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2

HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service...

CVSS 7.5 • AI score 7.2 • EPSS 0.02513
Exploits 0 • References 3
OSV
•added 2022/01/28 10:8 p.m.•145 views

GHSA-6JHM-4VMX-MR76 SQL injection in Moodle

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...

CVSS 9.8 • AI score 9.6 • EPSS 0.44918
Exploits 4 • References 5
OSV
•added 2020/05/20 4:18 p.m.•145 views

GHSA-Q4M3-2J7H-F7XW Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

CVSS 6.1 • AI score 5.8 • EPSS 0.06273
Exploits 4 • References 12
OSV
•added 2024/03/06 11:6 a.m.•144 views

BIT-PYTHON-2021-29921

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...

CVSS 9.8 • AI score 9.5 • EPSS 0.06827
Exploits 1 • References 18
OSV
•added 2021/07/29 12:0 a.m.•144 views

OSV-2021-1069 Segv on unknown address in helper_uc_tracecode

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36616 Crash type: Segv on unknown address Crash state: helper_uc_tracecode...

AI score 7.2
Exploits 0 • References 1
OSV
•added 2020/05/15 4:15 p.m.•144 views

CVE-2018-10756

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file...

CVSS 7.8 • AI score 8 • EPSS 0.02632
Exploits 2 • References 7
OSV
•added 2017/07/29 12:0 a.m.•144 views

DLA-841-2 apache2 - regression update

Bulletin has no description...

CVSS 7.5 • AI score 7.8 • EPSS 0.13252
Exploits 0
OSV
•added 2025/03/20 6:3 p.m.•143 views

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...

CVSS 3.7 • AI score 5.6 • EPSS 0.00694
Exploits 0 • References 5
OSV
•added 2024/09/27 7:24 a.m.•143 views

BIT-GITLAB-2024-4278 Incorrect Synchronization in GitLab

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...

CVSS 5.5 • AI score 4.1 • EPSS 0.00226
Exploits 0 • References 3
OSV
•added 2024/03/06 10:58 a.m.•143 views

BIT-NGINX-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 • AI score 7.9 • EPSS 0.99999
Exploits 19 • References 179
OSV
•added 2023/01/14 3:30 a.m.•143 views

GHSA-PF38-5P22-X6H6 Code Injection in pyload-ng

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVSS 9.8 • AI score 9.6 • EPSS 0.96988
Exploits 13 • References 5
OSV
•added 2021/12/16 9:1 p.m.•143 views

GHSA-J7C3-96RF-JRRP Critical vulnerability in log4j may affect generated PEAR projects

Impact UIMA PEAR projects that have been generated with the de.averbis.textanalysis:pear-archetype version 2.0.0 have a maven dependency with scope test to log4j 2.8.2 and might be affected by CVE-2021-44228. Patches - The issue has been resolved in de.averbis.textanalysis:pear-archetype version...

AI score 10
Exploits 0 • References 3
OSV
•added 2024/09/09 8:19 p.m.•142 views

GHSA-9WV6-86V2-598J path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

CVSS 8.7 • AI score 6.2 • EPSS 0.00932
Exploits 0 • References 10
OSV
•added 2024/02/22 6:15 p.m.•142 views

GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE

Summary A lack of sanitization/check in the font path returned by php-svg-lib, in the case of an inline CSS font defined, that will be used by Cpdf to open a font will be passed to a file_exists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...

CVSS 10 • AI score 7.5
Exploits 0 • References 4
OSV
•added 2022/03/25 7:26 p.m.•142 views

GHSA-Q7RV-6HP3-VH96 Improper Input Validation in guzzlehttp/psr7

Impact Improper header parsing. An attacker could sneak in a carriage return character \r and pass untrusted values in both the header names and values. Patches The issue is patched in 1.8.4 and 2.1.1. Workarounds There are no known workarounds. References...

CVSS 5.3 • AI score 5.9 • EPSS 0.02384
Exploits 0 • References 8
OSV
•added 2022/03/04 12:0 a.m.•142 views

GHSA-3GX9-37WW-9QW6 Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the...

CVSS 10 • AI score 9.8 • EPSS 0.98253
Exploits 54 • References 6
OSV
•added 2020/10/02 4:22 p.m.•142 views

GHSA-36J3-XXF7-4PQG Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

CVSS 6.5 • AI score 7.3 • EPSS 0.03819
Exploits 0 • References 19
OSV
•added 2023/01/20 7:33 p.m.•141 views

GHSA-Q95H-CQRV-8JV5 ExifTool vulnerable to arbitrary code execution

Impact Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches ExifTool has already been patched in version 12.24. exiftool_vendored.rb, which vendors ExifTool, includes this patch in v12.25.0. Workarounds No References...

CVSS 7.8 • AI score 7.6
Exploits 0 • References 3
OSV
•added 2021/12/18 12:0 a.m.•141 views

GHSA-FPFV-JQM9-F5JM Incorrect Comparison in NumPy

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

CVSS 5.3 • AI score 5.3 • EPSS 0.01561
Exploits 1 • References 7
OSV
•added 2020/10/01 12:0 a.m.•141 views

DLA-2392-1 jruby - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.8 • EPSS 0.03818
Exploits 0
OSV
•added 2019/10/15 7:27 p.m.•141 views

GHSA-C427-HJC3-WRFW Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVSS 9.8 • AI score 9.3 • EPSS 0.0558
Exploits 1 • References 15
OSV
•added 2024/10/09 4:41 p.m.•140 views

BIT-REDIS-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 6.5 • AI score 6.5 • EPSS 0.01009
Exploits 0 • References 4
OSV
•added 2022/12/25 6:15 a.m.•140 views

CVE-2022-42898

PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...

CVSS 8.8 • AI score 6.4 • EPSS 0.06419
Exploits 1 • References 11
OSV
•added 2024/06/12 7:31 a.m.•139 views

BIT-PHP-2024-2408 PHP is vulnerable to the Marvin Attack

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

CVSS 5.9 • AI score 5.8 • EPSS 0.01158
Exploits 1 • References 5
OSV
•added 2023/11/01 10:39 p.m.•139 views

GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc

An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, grpc.MaxConcurrentStreams. This results in a denial of...

CVSS 7.5 • AI score 7.7 • EPSS 0.99999
Exploits 19 • References 2
OSV
•added 2023/09/21 5:11 p.m.•139 views

GHSA-J646-GJ5P-P45G CefSharp affected by heap buffer overflow in WebP

Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical References -...

AI score 7
Exploits 0 • References 4
OSV
•added 2022/01/06 11:55 p.m.•139 views

GHSA-H376-J262-VHQ6 RCE in H2 Console

Impact H2 Console in versions since 1.1.100 2008-10-14 to 2.0.204 2021-12-21 inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...

CVSS 9.8 • AI score 9.4 • EPSS 0.63211
Exploits 3 • References 10
OSV
•added 2025/03/13 7:14 a.m.•138 views

BIT-MARIADB-2023-52969

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2...

CVSS 4.9 • AI score 5 • EPSS 0.00432
Exploits 0 • References 3
OSV
•added 2020/02/14 11:8 p.m.•138 views

GHSA-R5FX-8R73-V86C AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes

Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation Upgrade to version 1.5.0-beta.1 or...

CVSS 6.1 • AI score 6.5 • EPSS 0.01382
Exploits 0 • References 8
OSV
•added 2018/07/24 8:6 p.m.•138 views

GHSA-FX46-WHRJ-73V5 Bypassing Sanitization using DOM clobbering in html-janitor

All versions of html-janitor are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. Recommendation Upgrade to version 2.0.4 or later...

CVSS 6.1 • AI score 5.9 • EPSS 0.01038
Exploits 0 • References 5
OSV
•added 2003/06/27 12:0 a.m.•138 views

DSA-332 linux-kernel-2.4.17 - several vulnerabilities

Bulletin has no description...

CVSS 10 • AI score 5.2 • EPSS 0.73006
Exploits 20
OSV
•added 2025/03/13 7:14 a.m.•137 views

BIT-MARIADB-2023-52968

MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash...

CVSS 4.9 • AI score 5 • EPSS 0.00396
Exploits 0 • References 2
OSV
•added 2024/03/06 10:55 a.m.•137 views

BIT-APACHE-2021-40438 mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 • AI score 8.2 • EPSS 0.99999
Exploits 5 • References 21
OSV
•added 2023/12/18 4:15 p.m.•137 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9 • AI score 6.5 • EPSS 0.9378
Exploits 4 • References 134
OSV
•added 2023/05/03 9:57 p.m.•137 views

GHSA-4WM2-CWCF-WWVP Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

Impact The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...

CVSS 4.8 • AI score 5.2 • EPSS 0.00524
Exploits 0 • References 11
OSV
•added 2022/06/11 12:0 a.m.•137 views

GHSA-PV7H-HX5H-MGFJ Unsafe deserialization in com.alibaba:fastjson

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

CVSS 8.1 • AI score 9.3 • EPSS 0.17767
Exploits 5 • References 9
OSV
•added 2024/08/27 7:50 p.m.•136 views

GHSA-4VVJ-4CPR-P986 Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

CVSS 6.4 • AI score 6.5 • EPSS 0.00897
Exploits 1 • References 7
OSV
•added 2021/11/10 7:52 p.m.•136 views

GHSA-QCJ6-JQRG-4WP2 Template injection in thymeleaf-spring5

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...

CVSS 9.8 • AI score 9.8 • EPSS 0.03866
Exploits 1 • References 6
OSV
•added 2021/03/21 12:0 a.m.•136 views

OSV-2021-542 Heap-buffer-overflow in luaG_getfuncline

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32279 Crash type: Heap-buffer-overflow READ 1 Crash state: luaG_getfuncline luaG_runerror luaD_growstack...

AI score 7.2
Exploits 0 • References 1
OSV
•added 2025/04/12 8:5 a.m.•135 views

BIT-GITLAB-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users...

CVSS 5.3 • AI score 4.1 • EPSS 0.00344
Exploits 1 • References 3
OSV
•added 2024/11/28 7:21 p.m.•135 views

BIT-GITLAB-2024-11828 Inefficient Algorithmic Complexity in GitLab

A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...

CVSS 7.5 • AI score 5.3 • EPSS 0.00583
Exploits 0 • References 3
OSV
•added 2023/08/22 7:56 p.m.•135 views

MAL-2023-1539 Malicious code in angl-archtslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e5d9cbbc6608e412a429d0d62fb5d10c38aa9be4ceb86df876f1f1aaafeb52ec The OpenSSF Package Analysis project identified 'angl-archtslint' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSV
•added 2020/08/16 12:0 a.m.•135 views

DLA-2330-1 jruby - security update

Bulletin has no description...

CVSS 8.8 • AI score 7 • EPSS 0.0576
Exploits 2
OSV
•added 2017/02/28 12:0 a.m.•135 views

DLA-841-1 apache2 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.8 • EPSS 0.13252
Exploits 0
OSV
•added 2025/04/12 8:5 a.m.•134 views

BIT-GITLAB-2025-2408 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information...

CVSS 5.3 • AI score 5.1 • EPSS 0.00301
Exploits 1 • References 3
OSV
•added 2024/10/09 4:41 p.m.•134 views

BIT-REDIS-2024-31227 Denial-of-service due to malformed ACL selectors in Redis

Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...

CVSS 4.4 • AI score 5.5 • EPSS 0.00397
Exploits 0 • References 3
Total number of security vulnerabilities: 5000