Lucene search
K
OsvMost viewed

907331 matches found

OSV
OSV
added 2024/03/06 10:59 a.m.42 views

BIT-NODE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

9.8CVSS8.4AI score0.01819EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:58 a.m.42 views

BIT-DOTNET-2022-29145 .NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability...

7.5CVSS7.5AI score0.04663EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 10:57 a.m.42 views

BIT-APACHE-2020-11985

IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...

5.3CVSS6AI score0.05884EPSS
Exploits0References17
OSV
OSV
added 2024/03/06 10:54 a.m.42 views

BIT-GOLANG-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8CVSS9.2AI score0.01424EPSS
Exploits0References7
OSV
OSV
added 2024/03/06 10:51 a.m.42 views

BIT-DOTNET-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...

9.8CVSS9.6AI score0.02778EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:51 a.m.42 views

BIT-DJANGO-2023-41164

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uritoiri is subject to a potential DoS denial of service attack via certain inputs with a very large number of Unicode characters...

7.5CVSS7.4AI score0.01284EPSS
Exploits0References8
OSV
OSV
added 2024/02/27 9:41 p.m.42 views

GHSA-JJHX-JHVP-74WQ Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1....

7.5CVSS6.3AI score0.01498EPSS
Exploits0References6
OSV
OSV
added 2024/02/27 6:31 p.m.42 views

GHSA-Q4QH-8PXW-R48Q Subrion CMS vulnerable to Cross Site Scripting

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...

6.1CVSS5.9AI score0.00345EPSS
Exploits0References3
OSV
OSV
added 2024/02/26 12:0 a.m.42 views

ALSA-2024:0964 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547 Mozilla: Memory...

8.1CVSS8.4AI score0.00937EPSS
Exploits1References18
OSV
OSV
added 2024/02/14 12:0 a.m.42 views

DSA-5621-1 bind9 - security update

Bulletin has no description...

7.5CVSS7.2AI score0.99995EPSS
Exploits1
OSV
OSV
added 2024/02/11 3:30 a.m.42 views

GHSA-99VC-XW8J-PHJM Ghost has possible Cross-site Scripting issue

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view th...

6.5CVSS9.1AI score0.03485EPSS
Exploits1References5
OSV
OSV
added 2024/02/09 6:15 p.m.42 views

CVE-2023-50292

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

7.5CVSS7.1AI score0.01564EPSS
Exploits0References2
OSV
OSV
added 2024/02/04 8:15 p.m.42 views

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...

5.5CVSS6.8AI score
Exploits0References7
OSV
OSV
added 2024/01/31 8:15 a.m.42 views

CVE-2024-23775

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service DoS via mbedtlsx509setextension...

7.5CVSS6.8AI score
Exploits0References5
OSV
OSV
added 2024/01/17 12:0 a.m.42 views

ALSA-2024:0267 Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...

7.5CVSS6.9AI score0.00911EPSS
Exploits0References14
OSV
OSV
added 2024/01/16 4:15 p.m.42 views

CVE-2023-45237

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS7.1AI score
Exploits0References4
OSV
OSV
added 2024/01/16 4:15 p.m.42 views

CVE-2023-45235

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or...

8.8CVSS7.6AI score
Exploits0References7
OSV
OSV
added 2024/01/16 2:15 p.m.42 views

CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...

7.5CVSS6.7AI score0.01408EPSS
Exploits1References12
OSV
OSV
added 2024/01/15 12:0 a.m.42 views

ALSA-2024:0253 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.3CVSS7.1AI score0.01249EPSS
Exploits1References4
OSV
OSV
added 2024/01/12 12:0 a.m.42 views

DSA-5601-1 php-phpseclib3 - security update

Bulletin has no description...

5.9CVSS6.7AI score0.9378EPSS
Exploits4
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0152 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1...

9.8CVSS7.7AI score0.02868EPSS
Exploits0References8
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0108 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

6.5CVSS7.3AI score0.00816EPSS
Exploits0References4
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

DLA-3710-1 linux - security update

Bulletin has no description...

9.8CVSS7.7AI score0.02154EPSS
Exploits11
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0155 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...

5.9CVSS7.1AI score0.01257EPSS
Exploits0References4
OSV
OSV
added 2023/12/29 12:0 a.m.42 views

DLA-3697-1 firefox-esr - security update

Bulletin has no description...

8.8CVSS7.2AI score0.20472EPSS
Exploits0
OSV
OSV
added 2023/12/13 11:10 p.m.42 views

GHSA-P6XX-FHFW-7MJ7 Configuration Injection in extension "Direct Mail" (direct_mail)

The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection TYPO3 10.4 and above and to Arbitrary Code Execution TYPO3 9.5 and below. A...

8.8CVSS7AI score0.01517EPSS
Exploits0References3
OSV
OSV
added 2023/12/12 2:15 a.m.42 views

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6AI score0.01133EPSS
Exploits1References6
OSV
OSV
added 2023/12/12 12:0 a.m.42 views

ALSA-2023:7764 Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.2AI score0.01328EPSS
Exploits0References12
OSV
OSV
added 2023/12/05 12:15 p.m.42 views

CVE-2023-45840

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the...

8.1CVSS7.2AI score
Exploits0References3
OSV
OSV
added 2023/12/01 7:1 a.m.42 views

CVE-2023-4658 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1CVSS4AI score0.00385EPSS
Exploits0References5
OSV
OSV
added 2023/12/01 12:0 a.m.42 views

ASB-A-281061287

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00115EPSS
Exploits0References2
OSV
OSV
added 2023/11/30 11:15 p.m.42 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

8.8CVSS6.9AI score0.0937EPSS
Exploits0References19
OSV
OSV
added 2023/11/21 3:39 p.m.42 views

GO-2023-2334 Denial of service via decryption of malicious PBES2 JWE objects in github.com/go-jose/go-jose/v3

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...

7AI score
Exploits0References2
OSV
OSV
added 2023/11/20 6:2 p.m.42 views

CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

9.6CVSS9.3AI score0.22938EPSS
Exploits2References5
OSV
OSV
added 2023/11/17 12:0 a.m.42 views

DSA-5557-1 webkit2gtk - security update

Bulletin has no description...

8.8CVSS7.5AI score0.01736EPSS
Exploits0
OSV
OSV
added 2023/11/15 12:0 a.m.42 views

DLA-3653-1 libclamunrar - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/11/14 8:48 p.m.42 views

CVE-2023-47627 Request smuggling in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...

5.3CVSS6.6AI score0.0085EPSS
Exploits1References8
OSV
OSV
added 2023/11/14 8:30 p.m.42 views

CVE-2023-47130 Unsafe deserialization of user data in yiisoft/yii

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

8.1CVSS9.4AI score0.03147EPSS
Exploits0References5
OSV
OSV
added 2023/11/14 12:0 a.m.42 views

ALSA-2023:7151 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.8CVSS8.9AI score0.27095EPSS
Exploits3References4
OSV
OSV
added 2023/11/09 9:30 p.m.42 views

GHSA-28GC-4QQ5-8Q26 Moodle Cross-site Scripting vulnerability

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content...

6.1CVSS5.2AI score0.00506EPSS
Exploits0References6
OSV
OSV
added 2023/11/07 12:0 a.m.42 views

ALSA-2023:6635 Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References10
OSV
OSV
added 2023/11/06 4:15 p.m.42 views

CVE-2023-5678

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.2AI score
Exploits0References9
OSV
OSV
added 2023/11/06 7:33 a.m.42 views

BIT-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS5.7AI score0.02221EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/11/06 7:32 a.m.42 views

BIT-2020-2752

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS5.7AI score0.02317EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/10/25 6:20 a.m.42 views

BIT-2023-42629

Stored cross-site scripting XSS vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...

9CVSS5.4AI score0.02239EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/10/25 6:20 a.m.42 views

BIT-2023-44311

Multiple reflected cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via t...

9.6CVSS6AI score0.00462EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/24 6:36 p.m.42 views

RLSA-2023:5742 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...

5.3CVSS6.4AI score0.014EPSS
Exploits0References3
OSV
OSV
added 2023/10/23 12:0 a.m.42 views

DLA-3629-1 ceph - security update

Bulletin has no description...

9.8CVSS6.5AI score0.0461EPSS
Exploits1
OSV
OSV
added 2023/10/20 5:15 p.m.42 views

PYSEC-2023-217

Cross-Site Request Forgery CSRF in GitHub repository modoboa/modoboa prior to 2.2.2...

8.8CVSS7.2AI score0.00428EPSS
Exploits1References5
OSV
OSV
added 2023/10/18 9:22 p.m.42 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.4AI score0.00449EPSS
Exploits0References4
Total number of security vulnerabilities5000