Lucene search
K
OsvMost viewed

903702 matches found

OSV
OSV
added 2023/11/06 7:32 a.m.41 views

BIT-2020-2780

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.2AI score0.0243EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/11/06 12:15 a.m.41 views

CVE-2023-47272

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...

6.1CVSS6AI score
Exploits0References8
OSV
OSV
added 2023/10/25 6:20 a.m.41 views

BIT-2023-42629

Stored cross-site scripting XSS vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...

9CVSS5.4AI score0.02239EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/10/22 7:15 p.m.42 views

PYSEC-2023-210

views.py in Wagtail CRX CodeRed Extensions formerly CodeRed CMS or coderedcms before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media...

6.5CVSS6.9AI score0.0071EPSS
Exploits1References4
OSV
OSV
added 2023/10/20 5:15 p.m.41 views

PYSEC-2023-217

Cross-Site Request Forgery CSRF in GitHub repository modoboa/modoboa prior to 2.2.2...

8.8CVSS7.2AI score0.00428EPSS
Exploits1References5
OSV
OSV
added 2023/10/19 4:13 p.m.41 views

GHSA-FR2G-9HJM-WR23 NATS.io: Adding accounts for just the system account adds auth bypass

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. NATS users exist within accounts, and once using accounts, the old authorization block is not applicable. Problem Description Without any...

6.5CVSS6.3AI score0.00662EPSS
Exploits0References8
OSV
OSV
added 2023/10/19 6:17 a.m.41 views

BIT-2023-42663

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with...

6.5CVSS6.5AI score0.01551EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/19 6:17 a.m.41 views

BIT-2023-42780

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...

6.5CVSS6.6AI score0.01071EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/18 9:22 p.m.41 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.4AI score0.00449EPSS
Exploits0References4
OSV
OSV
added 2023/10/18 12:0 a.m.41 views

ALSA-2023:5837 Important: nghttp2 security update

nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
OSV
OSV
added 2023/10/18 12:0 a.m.41 views

ALSA-2023:5744 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...

5.3CVSS6.4AI score0.014EPSS
Exploits0References4
OSV
OSV
added 2023/10/14 12:0 a.m.41 views

DLA-3618-1 node-babel - security update

Bulletin has no description...

9.3CVSS8.9AI score0.0052EPSS
Exploits0
OSV
OSV
added 2023/10/12 4:17 p.m.41 views

CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

9.3CVSS8.7AI score0.0052EPSS
Exploits0References9
OSV
OSV
added 2023/10/12 12:0 a.m.41 views

DSA-5526-1 chromium - security update

Bulletin has no description...

8.8CVSS6.1AI score0.0126EPSS
Exploits0
OSV
OSV
added 2023/10/06 10:57 p.m.41 views

RLSA-2023:5455 Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

7.8CVSS8.1AI score0.81422EPSS
Exploits27References5
OSV
OSV
added 2023/10/04 2:46 p.m.41 views

GHSA-MVRP-3CVX-C325 Zod denial of service vulnerability during email validation

Impact API servers running express-zod-api having: - version of express-zod-api below 10.0.0-beta1, - and using the following or similar validation schema in its implementation: z.string.email, are vulnerable to a DoS attack due to: - Inefficient Regular Expression Complexity in zod versions up t...

7.5CVSS7.5AI score
Exploits0References5
OSV
OSV
added 2023/09/30 12:0 a.m.41 views

DLA-3591-1 firefox-esr - security update

Bulletin has no description...

8.8CVSS9.3AI score0.34401EPSS
Exploits3
OSV
OSV
added 2023/09/29 9:14 p.m.41 views

PYSEC-2023-182

opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS6.8AI score0.99739EPSS
Exploits9References3
OSV
OSV
added 2023/09/26 1:26 p.m.41 views

RLSA-2023:5244 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests...

7.8CVSS8.2AI score0.05794EPSS
Exploits7References9
OSV
OSV
added 2023/09/20 12:0 a.m.41 views

DLA-3575-1 python2.7 - security update

Bulletin has no description...

9.8CVSS8.1AI score0.35963EPSS
Exploits10
OSV
OSV
added 2023/09/19 12:0 a.m.41 views

ALSA-2023:5245 Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process Information Leak CVE-2023-20593 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS7.4AI score0.05794EPSS
Exploits1References4
OSV
OSV
added 2023/09/18 3:30 p.m.41 views

GHSA-3P86-9955-H393 Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

8.8CVSS8.8AI score0.01884EPSS
Exploits0References7
OSV
OSV
added 2023/08/27 12:0 a.m.41 views

DLA-3543-1 rar - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/26 12:0 a.m.41 views

DLA-3542-1 unrar-nonfree - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/23 8:36 p.m.41 views

GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5CVSS4.5AI score0.00258EPSS
Exploits0References7
OSV
OSV
added 2023/08/23 8:5 p.m.41 views

CVE-2023-40035 Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...

7.2CVSS7.3AI score0.01909EPSS
Exploits1References6
OSV
OSV
added 2023/08/15 8:35 p.m.41 views

GHSA-9C9V-W225-V5RG Ghost vulnerable to arbitrary file read via symlinks in content import

Impact A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's...

4.9CVSS5.6AI score0.57565EPSS
Exploits12References4
OSV
OSV
added 2023/08/14 12:0 a.m.41 views

ALSA-2023:4634 Important: rust security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS7AI score0.00763EPSS
Exploits0References4
OSV
OSV
added 2023/08/08 12:34 p.m.41 views

RLSA-2023:4100 Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS8AI score0.03776EPSS
Exploits0References2
OSV
OSV
added 2023/07/25 2:43 p.m.41 views

GHSA-XQR8-7JWR-RHP7 Removal of e-Tugra root certificate

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions ...

7.5CVSS8.2AI score0.00468EPSS
Exploits0References8
OSV
OSV
added 2023/07/18 6:47 p.m.41 views

GHSA-M88M-CRR9-JVQQ OpenRefine vulnerable to zip slip in project import

Impact A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution if a user can be convinced to import it. Patches The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as...

5.5CVSS6.8AI score0.00632EPSS
Exploits0References6
OSV
OSV
added 2023/07/14 12:15 p.m.41 views

CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.7AI score
Exploits0References7
OSV
OSV
added 2023/07/14 1:2 a.m.41 views

MAL-2023-679 Malicious code in perimeterx-fastly-js-edge-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 934118ad5800d3dc8e17c6e7ed99b345399d4eae19e298de4f8a35834f872cc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2023/07/11 6:19 p.m.42 views

CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

5CVSS6.7AI score0.00535EPSS
Exploits0References5
OSV
OSV
added 2023/06/29 3:2 p.m.41 views

GHSA-373W-RJ84-PV6X SafeURL-Python's hostname blocklist does not block FQDNs

Description If a hostname was blacklisted, it was possible to bypass the blacklist by requesting the FQDN of the host e.g. adding . to the end. Impact The main purpose of this library is to block requests to internal/private IPs and these cannot be bypassed using this finding. But if a library us...

7AI score
Exploits0References4
OSV
OSV
added 2023/06/23 6:12 p.m.41 views

CVE-2023-3394 Session Fixation in fossbilling/fossbilling

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1...

6.8CVSS6.3AI score0.00506EPSS
Exploits1References4
OSV
OSV
added 2023/06/16 4:4 p.m.41 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS9AI score0.85825EPSS
Exploits4References10
OSV
OSV
added 2023/06/14 5:8 p.m.41 views

GHSA-555C-2P6R-68MM .NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS7.6AI score0.02627EPSS
Exploits0References6
OSV
OSV
added 2023/06/08 8:16 p.m.41 views

GO-2023-1840 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

7.8CVSS8.6AI score0.00432EPSS
Exploits0References3
OSV
OSV
added 2023/06/07 11:24 p.m.41 views

CVE-2023-34238 Local File Inclusion vulnerability in Gatsby

Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...

4.3CVSS5.3AI score0.0091EPSS
Exploits1References5
OSV
OSV
added 2023/05/31 6:41 a.m.41 views

MGASA-2023-0188 Updated tcpreplay packages fix security vulnerability

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...

7.5CVSS7.3AI score0.01506EPSS
Exploits7References3
OSV
OSV
added 2023/05/23 12:0 a.m.41 views

DSA-5409-1 libssh - security update

Bulletin has no description...

6.5CVSS6.1AI score0.01314EPSS
Exploits2
OSV
OSV
added 2023/05/18 10:15 p.m.41 views

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

9.8CVSS8.2AI score0.01249EPSS
Exploits0References2
OSV
OSV
added 2023/05/16 12:0 a.m.41 views

ALSA-2023:2866 Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...

7.5CVSS7.1AI score0.05623EPSS
Exploits1References8
OSV
OSV
added 2023/05/09 12:0 a.m.41 views

ALSA-2023:2532 Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8CVSS7.9AI score0.01936EPSS
Exploits0References4
OSV
OSV
added 2023/04/21 12:0 a.m.41 views

DLA-3398-1 curl - security update

Bulletin has no description...

9.8CVSS7.2AI score0.01993EPSS
Exploits4
OSV
OSV
added 2023/04/20 12:0 a.m.41 views

ALSA-2023:1895 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.8AI score0.02474EPSS
Exploits1References16
OSV
OSV
added 2023/04/06 12:0 a.m.41 views

ALSA-2023:1673 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

9.8CVSS8.8AI score0.8377EPSS
Exploits5References4
OSV
OSV
added 2023/04/04 9:7 p.m.41 views

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

6.8CVSS7.2AI score0.0144EPSS
Exploits0References10
OSV
OSV
added 2023/03/31 10:44 p.m.41 views

GHSA-5X5Q-8CGM-2HJQ Karate has vulnerable dependency on json-smart package (CVE-2023-1370)

Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...

7.5CVSS7.7AI score0.01119EPSS
Exploits1References4
Total number of security vulnerabilities5000