Lucene search
K
OsvMost viewed

908024 matches found

OSV
OSV
•added 2022/04/04 12:0 a.m.•45 views

DLA-2970-1 qemu - security update

Bulletin has no description...

7.5CVSS6.5AI score0.00522EPSS
Exploits1
OSV
OSV
•added 2022/04/02 12:0 a.m.•45 views

DLA-2968-1 zlib - security update

Bulletin has no description...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
OSV
OSV
•added 2022/04/01 12:0 a.m.•45 views

ASB-A-205836329

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed...

7.8CVSS7.8AI score0.00332EPSS
Exploits0References2
OSV
OSV
•added 2022/03/14 11:15 a.m.•45 views

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...

7.5CVSS1.1AI score
Exploits0References15
OSV
OSV
•added 2022/03/11 7:15 a.m.•45 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

7.5CVSS6.7AI score
Exploits0References7
OSV
OSV
•added 2022/03/01 10:9 p.m.•45 views

GHSA-7F63-H6G3-7CWM Cross Site Scripting (XSS) in @finastra/ssr-pages

A cross site scripting XSS issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. References - https://github.com/Finastra/ssr-pages/pull/2 -...

6.1CVSS6AI score0.00852EPSS
Exploits0References6
OSV
OSV
•added 2022/01/25 12:0 a.m.•45 views

DSA-5058-1 openjdk-17 - security update

Bulletin has no description...

5.3CVSS5.9AI score0.08346EPSS
Exploits0
OSV
OSV
•added 2022/01/25 12:0 a.m.•45 views

DLA-2898-1 nss - security update

Bulletin has no description...

6.5CVSS8.2AI score0.0063EPSS
Exploits0
OSV
OSV
•added 2022/01/21 11:35 p.m.•45 views

GHSA-6R92-CGXC-R5FG Denial of service in CBOR library

Impact Due to this library's use of an inefficient algorithm, it is vulnerable to a denial of service attack when a maliciously crafted input is passed to DecodeFromBytes or other CBOR decoding mechanisms in this library. Affected versions include versions 4.0.0 through 4.5.0. This vulnerability...

7.5CVSS7.4AI score0.01061EPSS
Exploits0References4
OSV
OSV
•added 2022/01/13 12:0 a.m.•45 views

DSA-5044-1 firefox-esr - security update

Bulletin has no description...

10CVSS7.5AI score0.0134EPSS
Exploits6
OSV
OSV
•added 2021/12/20 8:15 a.m.•45 views

CVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...

9.8CVSS1.4AI score
Exploits0References8
OSV
OSV
•added 2021/12/14 7:15 p.m.•45 views

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS8.2AI score0.99999EPSS
Exploits353References22
OSV
OSV
•added 2021/12/12 12:0 a.m.•45 views

DLA-2843-1 linux - security update

Bulletin has no description...

8.8CVSS7.7AI score0.06846EPSS
Exploits9
OSV
OSV
•added 2021/12/09 5:15 p.m.•45 views

PYSEC-2021-851

Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...

8.8CVSS2.5AI score0.0125EPSS
Exploits0References3
OSV
OSV
•added 2021/11/12 12:0 a.m.•45 views

DLA-2817-1 postgresql-9.6 - security update

Bulletin has no description...

8.1CVSS7.1AI score0.01901EPSS
Exploits0
OSV
OSV
•added 2021/11/10 9:0 a.m.•45 views

ALBA-2021:4604 httpd:2.4 bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Bug Fixes: proxy rewrite to unix socket fails with CVE-2021-40438 fix BZ2017854, BZ2017855, BZ2017856...

9CVSS8.3AI score0.99999EPSS
Exploits5References1
OSV
OSV
•added 2021/11/09 7:25 p.m.•45 views

ALSA-2021:4537 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in AlmaLinux CVE-2021-20325 For more details about the security issues, including the impact, a CVSS score,...

10CVSS8.7AI score0.99999EPSS
Exploits5References2
OSV
OSV
•added 2021/11/09 8:42 a.m.•45 views

ALSA-2021:4213 Moderate: php:7.4 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.19. BZ1944110 Security Fixes: php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 php: FILTERVALIDATEURL...

7.5CVSS6.9AI score0.05029EPSS
Exploits3References6
OSV
OSV
•added 2021/11/09 8:25 a.m.•45 views

ALSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...

7.5CVSS7.3AI score0.034EPSS
Exploits3References4
OSV
OSV
•added 2021/11/09 8:24 a.m.•45 views

ALSA-2021:4154 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...

7.1CVSS6.7AI score0.01587EPSS
Exploits1References3
OSV
OSV
•added 2021/10/12 4:32 p.m.•45 views

GHSA-Q9P4-QFC8-FVPP SQL Injection in medoo

columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...

9.8CVSS9.8AI score0.01421EPSS
Exploits0References4
OSV
OSV
•added 2021/10/12 12:0 a.m.•45 views

DLA-2785-1 linux-4.19 - security update

Bulletin has no description...

8.8CVSS7.7AI score0.01476EPSS
Exploits15
OSV
OSV
•added 2021/10/04 6:15 p.m.•45 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

8.8CVSS2.9AI score
Exploits0References10
OSV
OSV
•added 2021/09/01 6:15 p.m.•45 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

9.8CVSS9.4AI score
Exploits0References3
OSV
OSV
•added 2021/08/30 4:13 p.m.•45 views

GHSA-H76R-VGF3-J6W5 October CMS auth bypass and account takeover

Impact An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain a Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...

7.4CVSS8.5AI score0.00895EPSS
Exploits0References5
OSV
OSV
•added 2021/08/24 12:0 p.m.•45 views

RUSTSEC-2021-0098 Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL 0 byt...

7.4CVSS7.9AI score0.50445EPSS
Exploits0References3
OSV
OSV
•added 2021/08/13 12:0 a.m.•45 views

DSA-4958-1 exiv2 - security update

Bulletin has no description...

7.8CVSS6.2AI score0.04296EPSS
Exploits3
OSV
OSV
•added 2021/08/09 8:43 p.m.•45 views

GHSA-HWFP-HG2M-9VR2 Integer overflow in pywin32

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...

7.1CVSS6.4AI score0.01729EPSS
Exploits0References8
OSV
OSV
•added 2021/07/19 9:21 p.m.•45 views

GHSA-RR6V-H7M8-WC9F Cross-site Scripting in Froala WYSIWYG Editor

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS5.2AI score0.52037EPSS
Exploits0References3
OSV
OSV
•added 2021/07/14 12:0 a.m.•45 views

DSA-4939-1 firefox-esr - security update

Bulletin has no description...

8.8CVSS7.5AI score0.03582EPSS
Exploits1
OSV
OSV
•added 2021/06/30 11:15 a.m.•45 views

CVE-2021-28693

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules e.g. kernel, initramfs... in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the...

5.5CVSS6.4AI score
Exploits0References2
OSV
OSV
•added 2021/06/30 12:38 a.m.•45 views

UVI-2021-1001090 net: bridge: fix vlan tunnel dst refcnt when egressing

net: bridge: fix vlan tunnel dst refcnt when egressing This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...

7.2AI score
Exploits0
OSV
OSV
•added 2021/06/23 6:14 p.m.•45 views

GHSA-7JR6-PRV4-5WF5 Duplicate Advisory: Helm passes repository credentials to alternate domain

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-56hp-xqp3-w2jf. This link is maintained to preserve external references. Original Description Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6....

6.8CVSS8.4AI score0.01395EPSS
Exploits0References7
OSV
OSV
•added 2021/06/01 12:0 a.m.•45 views

ASB-A-174886838

In smpprocesspairingpublickey of smpact.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

4.3CVSS6.6AI score0.00872EPSS
Exploits0References1
OSV
OSV
•added 2021/05/20 12:0 a.m.•45 views

OSV-2021-777 Heap-use-after-free in xmlAddNextSibling

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461 Crash type: Heap-use-after-free READ 4 Crash state: xmlAddNextSibling xmlXIncludeCopyRange xmlXIncludeCopyXPointer...

6.7AI score
Exploits0References1
OSV
OSV
•added 2021/05/18 5:34 a.m.•45 views

RLSA-2021:1581 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

5.5CVSS7.3AI score0.01027EPSS
Exploits2References4
OSV
OSV
•added 2021/05/07 3:15 p.m.•45 views

CVE-2021-29488

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...

5.3CVSS6.8AI score
Exploits0References1
OSV
OSV
•added 2021/05/06 2:15 p.m.•45 views

CVE-2021-22208

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...

4.3CVSS6.4AI score0.00756EPSS
Exploits0References2
OSV
OSV
•added 2021/05/05 12:0 a.m.•45 views

DLA-2650-1 exim4 - security update

Bulletin has no description...

9.8CVSS7AI score0.61061EPSS
Exploits5
OSV
OSV
•added 2021/04/14 8:4 p.m.•45 views

GO-2021-0063 Nil pointer dereference via malicious RPC message in github.com/ethereum/go-ethereum

Due to a nil pointer dereference, a maliciously crafted RPC message can cause a panic. If handling RPC messages from untrusted clients, this may be used as a denial of service vector...

6.5CVSS6.2AI score0.01864EPSS
Exploits0References2
OSV
OSV
•added 2021/04/05 12:0 a.m.•45 views

DLA-2619-1 python3.5 - security update

Bulletin has no description...

9.8CVSS8AI score0.35963EPSS
Exploits2
OSV
OSV
•added 2021/03/05 12:0 a.m.•45 views

DLA-2583-1 activemq - security update

Bulletin has no description...

7.5CVSS6.1AI score0.23255EPSS
Exploits0
OSV
OSV
•added 2021/03/04 1:15 p.m.•45 views

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...

8.8CVSS7.3AI score0.02935EPSS
Exploits3References4
OSV
OSV
•added 2021/02/16 7:36 a.m.•45 views

ALSA-2021:0558 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in drivers/tty/ttyjobctrl.c can lead to an use-after-free CVE-2020-29661 kernel: performance counters race condition use-after-free CVE-2020-14351 kernel: ICMP rate limiting...

7.8CVSS8.1AI score0.06692EPSS
Exploits3References3
OSV
OSV
•added 2021/02/16 7:32 a.m.•45 views

RLSA-2021:0538 Moderate: nss security and bug fix update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Side channel attack on ECDSA signature generation CVE-2020-6829 nss: P-384 and P-521 implementation uses a side-channel...

7.4CVSS7.5AI score0.01541EPSS
Exploits0References8
OSV
OSV
•added 2021/01/12 9:15 a.m.•45 views

PYSEC-2021-71

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...

5.8CVSS2.2AI score0.01573EPSS
Exploits0References4
OSV
OSV
•added 2020/12/15 4:4 p.m.•45 views

ALSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update

The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c 3.1.11. BZ1898993 Security Fixes: mysql: C API unspecified vulnerability CPU Apr...

8.8CVSS7.1AI score0.03485EPSS
Exploits0References6
OSV
OSV
•added 2020/11/23 2:15 p.m.•45 views

CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

6.5CVSS6.5AI score
Exploits0References3
OSV
OSV
•added 2020/10/21 12:0 a.m.•45 views

DSA-4777-1 freetype - security update

Bulletin has no description...

9.6CVSS8.4AI score0.5063EPSS
Exploits2
OSV
OSV
•added 2020/09/19 9:15 p.m.•45 views

CVE-2020-25791

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...

7.5CVSS6.7AI score0.02841EPSS
Exploits5References2
Total number of security vulnerabilities5000