OSV, most viewed

907335 matches found

OSV • added 2021/04/17 12:00 a.m. • 43 views

DLA-2628-1 python2.7 - security update

Bulletin has no description...

CVSS 6.1 | AI score 7.2 | EPSS 0.35963
Exploits: 2

OSV • added 2021/03/09 12:45 a.m. • 43 views

GHSA-CVW2-XJ8R-MJF7 Activerecord-session_store Vulnerable to Timing Attack

The activerecord-session_store aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

CVSS 5.3 | AI score 5.9 | EPSS 0.01835
Exploits: 0 | References: 7

OSV • added 2021/03/09 12:38 a.m. • 43 views

GHSA-JPCM-4485-69P7 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin

Impact: The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...

CVSS 7.4 | AI score 6.3 | EPSS 0.01176
Exploits: 1 | References: 5

OSV • added 2021/02/01 12:00 a.m. • 43 views

DSA-4843-1 linux - security update

Bulletin has no description...

CVSS 8.8 | AI score 6.8 | EPSS 0.06563
Exploits: 5

OSV • added 2021/01/12 9:15 a.m. • 43 views

PYSEC-2021-70

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

CVSS 8.8 | AI score 3.6 | EPSS 0.01789
Exploits: 0 | References: 6

OSV • added 2020/12/31 9:15 a.m. • 43 views

CVE-2020-35910

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...

CVSS 5.5 | AI score 7.1 | EPSS 0.00207
Exploits: 0 | References: 1

OSV • added 2020/12/30 1:15 a.m. • 43 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...

CVSS 9.8 | AI score 7.4
Exploits: 0 | References: 6

OSV • added 2020/12/17 7:15 p.m. • 43 views

CVE-2020-35489

The contact-form-7 aka Contact Form 7 plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters...

CVSS 10 | AI score 7.8
Exploits: 0 | References: 5

OSV • added 2020/12/09 12:00 p.m. • 43 views

RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an `as` conversion. This often manifested as RNGs returning nothing but 0, including the...

CVSS 5.1 | AI score 9.4 | EPSS 0.01515
Exploits: 0 | References: 3

OSV • added 2020/11/29 12:00 p.m. • 43 views

RUSTSEC-2020-0075 Unexpected panic when decoding tokens

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...

CVSS 5.5 | AI score 5.4 | EPSS 0.00465
Exploits: 1 | References: 3

OSV • added 2020/11/23 2:15 p.m. • 43 views

CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

CVSS 6.5 | AI score 6.5
Exploits: 0 | References: 3

OSV • added 2020/11/03 12:33 p.m. • 43 views

ALSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 1.15.7 (BZ#1814236). Security Fixes: httpd: memory corruption on early pushes (CVE-2019-10081); httpd: read-after-free in ...

CVSS 9.1 | AI score 7.3 | EPSS 0.81466
Exploits: 6 | References: 11

OSV • added 2020/11/03 12:23 p.m. • 43 views

ALSA-2020:4641 Moderate: python38:3.8 security, bug fix, and enhancement update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

CVSS 10 | AI score 7.8 | EPSS 0.12826
Exploits: 3 | References: 6

OSV • added 2020/09/21 12:00 a.m. • 43 views

DLA-2377-1 qt4-x11 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.4 | EPSS 0.03915
Exploits: 1

OSV • added 2020/09/19 9:15 p.m. • 43 views

CVE-2020-25791

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...

CVSS 7.5 | AI score 6.7 | EPSS 0.02841
Exploits: 5 | References: 2

OSV • added 2020/08/31 10:49 p.m. • 43 views

GHSA-82MG-X548-GQ3J LDAP Injection in ldapauth

Versions 2.2.4 and earlier of ldapauth-fork are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter. Recommendation: ldapauth is not actively maintained, having not seen a publish since 2014. As a result, there i...

CVSS 7.5 | AI score 7.7 | EPSS 0.02117
Exploits: 0 | References: 9

OSV • added 2020/08/30 12:00 a.m. • 43 views

DLA-2356-1 freerdp - security update

Bulletin has no description...

CVSS 8.3 | AI score 6.2 | EPSS 0.02653
Exploits: 9

OSV • added 2020/08/29 12:00 a.m. • 43 views

DLA-2355-1 bind9 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.3 | EPSS 0.06348
Exploits: 0

OSV • added 2020/08/07 4:15 p.m. • 43 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

CVSS 7.5 | AI score 6.6 | EPSS 0.89744
Exploits: 0 | References: 29

OSV • added 2020/08/01 12:00 a.m. • 43 views

ASB-A-151095863

In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file, e.g. a photo containing location metadata, with no additional execution privileges needed. User...

CVSS 5.5 | AI score 5.1 | EPSS 0.00183
Exploits: 0 | References: 2

OSV • added 2020/07/19 12:00 a.m. • 43 views

DSA-4728-1 qemu - security update

Bulletin has no description...

CVSS 6.8 | AI score 6.2 | EPSS 0.02409
Exploits: 0

OSV • added 2020/07/04 10:54 p.m. • 43 views

PSF-2020-4 Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

CVSS 7.8 | AI score 7.4 | EPSS 0.00895
Exploits: 0 | References: 1

OSV • added 2020/07/01 12:00 a.m. • 43 views

ASB-A-147664838

In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10 | AI score 9.6 | EPSS 0.01581
Exploits: 0 | References: 3

OSV • added 2020/06/28 12:00 a.m. • 43 views

DLA-2261-1 php5 - security update

Bulletin has no description...

CVSS 5.3 | AI score 6.1 | EPSS 0.06264
Exploits: 1

OSV • added 2020/05/16 12:00 a.m. • 43 views

DSA-4686-1 apache-log4j1.2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.8 | EPSS 0.6906
Exploits: 3

OSV • added 2020/05/09 12:00 a.m. • 43 views

DLA-2206-1 thunderbird - security update

Bulletin has no description...

CVSS 10 | AI score 7.3 | EPSS 0.05803
Exploits: 0

OSV • added 2020/05/07 12:00 a.m. • 43 views

DSA-4681-1 webkit2gtk - security update

Bulletin has no description...

CVSS 9.3 | AI score 7.1 | EPSS 0.11074
Exploits: 2

OSV • added 2020/04/28 3:15 p.m. • 43 views

CVE-2020-1745

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before, and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

CVSS 9.8 | AI score 8 | EPSS 0.9927
Exploits: 45 | References: 5

OSV • added 2020/04/04 12:00 a.m. • 43 views

DSA-4653-1 firefox-esr - security update

Bulletin has no description...

CVSS 8.1 | AI score 8.2 | EPSS 0.06305
Exploits: 1

OSV • added 2020/03/20 12:00 a.m. • 43 views

DLA-2150-1 thunderbird - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.7 | EPSS 0.03191
Exploits: 2

OSV • added 2020/03/19 12:00 a.m. • 43 views

DSA-4642-1 thunderbird - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.7 | EPSS 0.03191
Exploits: 2

OSV • added 2020/01/22 2:15 p.m. • 43 views

CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

CVSS 9.8 | AI score 7.4
Exploits: 0 | References: 1

OSV • added 2020/01/17 12:00 a.m. • 43 views

DLA-2068-1 linux - security update

Bulletin has no description...

CVSS 10 | AI score 8.5 | EPSS 0.72105
Exploits: 34

OSV • added 2020/01/14 12:00 a.m. • 43 views

DLA-2067-1 wordpress - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.3 | EPSS 0.04654
Exploits: 1

OSV • added 2019/12/04 12:00 a.m. • 43 views

DLA-2020-1 libonig - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.5 | EPSS 0.10539
Exploits: 4

OSV • added 2019/11/06 1:15 p.m. • 43 views

ALSA-2019:3735 Critical: php:7.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in env_path_info in fpm_main.c (CVE-2019-11043). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

CVSS 9.8 | AI score 9.6 | EPSS 0.9947
Exploits: 54 | References: 2

OSV • added 2019/09/30 12:00 a.m. • 43 views

DLA-1940-1 linux-4.9 - security update

Bulletin has no description...

CVSS 8.8 | AI score 7.5 | EPSS 0.00763
Exploits: 2

OSV • added 2019/09/02 12:00 a.m. • 43 views

DSA-4512-1 qemu - security update

Bulletin has no description...

CVSS 8.8 | AI score 7.3 | EPSS 0.16658
Exploits: 3

OSV • added 2019/07/25 12:00 a.m. • 43 views

DLA-1730-3 libssh2 - regression update

Bulletin has no description...

CVSS 9.1 | AI score 6.9 | EPSS 0.11659
Exploits: 1

OSV • added 2019/07/20 12:00 a.m. • 43 views

DLA-1858-1 squid3 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.7 | EPSS 0.24401
Exploits: 0

OSV • added 2019/07/19 11:15 p.m. • 43 views

CVE-2019-12815

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 15

OSV • added 2019/06/28 12:00 a.m. • 43 views

DSA-4472-1 expat - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.8 | EPSS 0.07107
Exploits: 1

OSV • added 2019/06/17 12:00 a.m. • 43 views

DSA-4465-1 linux - security update

Bulletin has no description...

CVSS 9.8 | AI score 6.9 | EPSS 0.98745
Exploits: 11

OSV • added 2019/05/30 12:00 a.m. • 43 views

DLA-1810-1 tomcat7 - security update

Bulletin has no description...

CVSS 6.1 | AI score 6.3 | EPSS 0.45571
Exploits: 3

OSV • added 2019/04/23 4:06 p.m. • 43 views

GHSA-7VX9-XJHR-RW6H Cross-site Scripting in Eclipse Jetty

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents...

CVSS 6.1 | AI score 6 | EPSS 0.09591
Exploits: 0 | References: 16

OSV • added 2019/04/20 12:29 a.m. • 43 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1 | AI score 6.4 | EPSS 0.87218
Exploits: 4 | References: 73

OSV • added 2019/03/10 12:00 a.m. • 43 views

DSA-4405-1 openjpeg2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 6.5 | EPSS 0.05135
Exploits: 4

OSV • added 2019/03/01 12:00 a.m. • 43 views

DLA-1701-1 openssl - security update

Bulletin has no description...

CVSS 5.9 | AI score 6 | EPSS 0.17139
Exploits: 0

OSV • added 2019/02/28 12:00 a.m. • 43 views

DLA-1697-1 bind9 - security update

Bulletin has no description...

CVSS 5.3 | AI score 6.5 | EPSS 0.037
Exploits: 0

OSV • added 2019/02/20 6:29 p.m. • 43 views

CVE-2018-5818

An error within the "parse_rollei" function in internal/dcraw_common.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 4

Total number of security vulnerabilities: 5000