OSV • Most viewed

907757 matches found

OSV • added 2019/06/29 12:00 a.m. • 45 views

DLA-1839-1 expat - security update

Bulletin has no description...

CVSS 7.8 • AI score 7.8 • EPSS 0.07107 • Exploits 1

OSV • added 2019/06/20 12:00 a.m. • 45 views

DLA-1829-1 firefox-esr - security update

Bulletin has no description...

CVSS 8.8 • AI score 9.7 • EPSS 0.37951 • Exploits 7

OSV • added 2019/06/18 4:36 p.m. • 45 views

RLSA-2019:1529 Important: pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Rocky Enterprise Software Foundation Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors, user sessions can get mixed up...

CVSS 9.1 • AI score 7.2 • EPSS 0.94494 • Exploits 3 • References 5

OSV • added 2019/04/23 7:32 p.m. • 45 views

CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.4 • AI score 1.6 • Exploits 0 • References 14

OSV • added 2019/04/23 12:00 a.m. • 45 views

DLA-1761-1 ghostscript - security update

Bulletin has no description...

CVSS 7.3 • AI score 6 • EPSS 0.02642 • Exploits 0

OSV • added 2019/03/13 3:00 a.m. • 45 views

PSF-2019-10 HTTP Header Injection (follow-up of CVE-2016-5699)

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1 • AI score 7.3 • EPSS 0.05328 • Exploits 1 • References 1

OSV • added 2018/12/14 12:00 a.m. • 45 views

DLA-1562-3 poppler - regression update

Bulletin has no description...

CVSS 6.5 • AI score 6.2 • EPSS 0.02882 • Exploits 1

OSV • added 2018/11/21 12:00 a.m. • 45 views

DLA-1586-1 openssl - security update

Bulletin has no description...

CVSS 5.9 • AI score 6.2 • EPSS 0.04763 • Exploits 4

OSV • added 2018/10/16 7:34 p.m. • 45 views

GHSA-X2RG-FMCV-CRQ5 DNN (aka DotNetNuke) has Remote Code Execution via a cookie

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 Critical Possible remote code execution on DNN sites."...

CVSS 8.8 • AI score 8.9 • EPSS 0.94789 • Exploits 6 • References 5

OSV • added 2018/09/17 12:00 p.m. • 45 views

RUSTSEC-2018-0006 Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

CVSS 7.5 • AI score 7.5 • EPSS 0.01411 • Exploits 0 • References 3

OSV • added 2018/09/07 12:00 a.m. • 45 views

DSA-4287-1 firefox-esr - security update

Bulletin has no description...

CVSS 9.8 • AI score 7 • EPSS 0.03357 • Exploits 0

OSV • added 2018/08/31 12:00 a.m. • 45 views

DLA-1490-1 php5 - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.5 • EPSS 0.08975 • Exploits 1

OSV • added 2018/08/27 12:00 a.m. • 45 views

DLA-1479-1 twitter-bootstrap3 - security update

Bulletin has no description...

CVSS 6.1 • AI score 6.7 • EPSS 0.04135 • Exploits 1

OSV • added 2018/08/22 12:00 a.m. • 45 views

DSA-4280-1 openssh - security update

Bulletin has no description...

CVSS 5.9 • AI score 6 • EPSS 0.98631 • Exploits 23

OSV • added 2018/08/20 12:00 a.m. • 45 views

DSA-4279-1 linux - security update

Bulletin has no description...

CVSS 5.6 • AI score 6.7 • EPSS 0.08101 • Exploits 0

OSV • added 2018/08/16 12:00 a.m. • 45 views

DSA-4273-1 intel-microcode - security update

Bulletin has no description...

CVSS 5.6 • AI score 6.3 • EPSS 0.60631 • Exploits 2

OSV • added 2018/08/01 6:29 p.m. • 45 views

CVE-2018-8034

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 • AI score 7.5 • Exploits 0 • References 41

OSV • added 2018/07/30 12:00 a.m. • 45 views

DLA-1453-1 tomcat7 - security update

Bulletin has no description...

CVSS 7.5 • AI score 7.8 • EPSS 0.213 • Exploits 0

OSV • added 2018/07/13 12:00 a.m. • 45 views

DLA-1421-1 ruby2.1 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.7 • EPSS 0.73927 • Exploits 18

OSV • added 2018/07/07 12:00 a.m. • 45 views

DLA-1418-1 bouncycastle - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.1 • EPSS 0.03174 • Exploits 0

OSV • added 2018/05/25 12:00 a.m. • 45 views

DSA-4210-1 xen - security update

Bulletin has no description...

CVSS 5.5 • AI score 6.3 • EPSS 0.60631 • Exploits 2

OSV • added 2018/04/28 12:00 a.m. • 45 views

DSA-4185-1 openjdk-8 - security update

Bulletin has no description...

CVSS 8.3 • AI score 6.7 • EPSS 0.15141 • Exploits 0

OSV • added 2018/04/19 12:00 a.m. • 45 views

DLA-1355-1 mysql-5.5 - security update

Bulletin has no description...

CVSS 7.7 • AI score 6.6 • EPSS 0.0401 • Exploits 0

OSV • added 2018/03/27 12:00 a.m. • 45 views

DLA-1319-1 firefox-esr - security update

Bulletin has no description...

CVSS 9.8 • AI score 8.2 • EPSS 0.12054 • Exploits 0

OSV • added 2018/03/13 12:00 a.m. • 45 views

DSA-4135-1 samba - security update

Bulletin has no description...

CVSS 8.8 • AI score 7 • EPSS 0.10308 • Exploits 1

OSV • added 2018/01/26 2:29 a.m. • 45 views

CVE-2017-1000393

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

CVSS 8.8 • AI score 9 • Exploits 0 • References 1

OSV • added 2017/11/16 12:00 a.m. • 45 views

DSA-4037-1 jackson-databind - security update

Bulletin has no description...

CVSS 9.8 • AI score 9.6 • EPSS 0.08411 • Exploits 2

OSV • added 2017/10/29 8:29 p.m. • 45 views

PYSEC-2017-12

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 9.8 • AI score 7.3 • EPSS 0.03394 • Exploits 0 • References 4

OSV • added 2017/10/24 6:33 p.m. • 45 views

GHSA-76WQ-XW4H-F8WJ activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

CVSS 7.5 • AI score 7.1 • EPSS 0.02924 • Exploits 2 • References 11

OSV • added 2017/10/24 6:33 p.m. • 45 views

GHSA-HGPP-PP89-4FGF Action Pack contains database-query restrictions bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...

CVSS 6.4 • AI score 7.4 • EPSS 0.046 • Exploits 1 • References 13

OSV • added 2017/10/24 6:33 p.m. • 45 views

GHSA-7G65-GHRG-HPF5 actionpack Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML...

CVSS 4.3 • AI score 5.2 • EPSS 0.01977 • Exploits 1 • References 7

OSV • added 2017/10/24 6:33 p.m. • 45 views

GHSA-6H5Q-96HP-9JGM actionpack vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS 4.3 • AI score 6.6 • EPSS 0.03171 • Exploits 0 • References 18

OSV • added 2017/10/24 6:33 p.m. • 45 views

GHSA-XRR4-P6FQ-HJG7 Directory traversal vulnerability in Action View in Ruby on Rails

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

CVSS 7.5 • AI score 6.2 • EPSS 0.95537 • Exploits 11 • References 21

OSV • added 2017/10/05 1:29 a.m. • 45 views

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVSS 8.8 • AI score 6.6 • Exploits 0 • References 12

OSV • added 2017/09/26 12:00 a.m. • 45 views

DLA-1112-1 rubygems - security update

Bulletin has no description...

CVSS 7.5 • AI score 8.7 • EPSS 0.29442 • Exploits 3

OSV • added 2017/08/28 12:00 a.m. • 45 views

DLA-1070-1 qemu - security update

Bulletin has no description...

CVSS 7.8 • AI score 7 • EPSS 0.04544 • Exploits 0

OSV • added 2017/08/17 12:00 a.m. • 45 views

DSA-3944-1 mariadb-10.0 - security update

Bulletin has no description...

CVSS 7.7 • AI score 6.2 • EPSS 0.03225 • Exploits 0

OSV • added 2017/08/17 12:00 a.m. • 45 views

DSA-3945-1 linux - security update

Bulletin has no description...

CVSS 7.8 • AI score 6.9 • EPSS 0.03631 • Exploits 13

OSV • added 2017/07/13 3:29 p.m. • 45 views

CVE-2017-9787

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...

CVSS 7.5 • AI score 8.2 • EPSS 0.99461 • Exploits 23 • References 7

OSV • added 2017/06/22 12:00 a.m. • 45 views

DSA-3892-1 tomcat7 - security update

Bulletin has no description...

CVSS 7.5 • AI score 6.7 • EPSS 0.16567 • Exploits 1

OSV • added 2017/06/08 8:29 p.m. • 45 views

CVE-2016-4473

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

CVSS 9.8 • AI score 9.9 • Exploits 0 • References 4

OSV • added 2017/06/01 12:00 a.m. • 45 views

DSA-3870-1 wordpress - security update

Bulletin has no description...

CVSS 8.8 • AI score 7 • EPSS 0.26699 • Exploits 7

OSV • added 2017/05/19 12:00 a.m. • 45 views

DLA-946-1 nss - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.6 • EPSS 0.04741 • Exploits 0

OSV • added 2017/03/28 12:00 a.m. • 45 views

DLA-875-1 php5 - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.5 • EPSS 0.42401 • Exploits 4

OSV • added 2017/01/25 12:00 a.m. • 45 views

DLA-797-1 mysql-5.5 - security update

Bulletin has no description...

CVSS 6.7 • AI score 6.3 • EPSS 0.04792 • Exploits 0

OSV • added 2016/12/13 12:00 a.m. • 45 views

DSA-3732-1 php5 - security update

Bulletin has no description...

CVSS 9.8 • AI score 8.7 • EPSS 0.42401 • Exploits 1

OSV • added 2016/11/05 12:00 p.m. • 45 views

RUSTSEC-2016-0001 SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

CVSS 8.1 • AI score 7.8 • EPSS 0.00745 • Exploits 0 • References 3

OSV • added 2016/09/17 12:00 a.m. • 45 views

DLA-626-1 phpmyadmin - security update

Bulletin has no description...

CVSS 9.8 • AI score 6.4 • EPSS 0.0475 • Exploits 0

OSV • added 2016/09/01 12:59 a.m. • 45 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

CVSS 7.5 • AI score 2.3 • EPSS 0.95707 • Exploits 7 • References 137

OSV • added 2016/07/29 12:00 a.m. • 45 views

DLA-569-1 xmlrpc-epi - security update

Bulletin has no description...

CVSS 9.8 • AI score 7.8 • EPSS 0.06271 • Exploits 1

Total number of security vulnerabilities: 5000