Lucene search
K
OsvMost viewed

908273 matches found

OSV
OSV
added 2024/02/14 12:0 a.m.42 views

DSA-5621-1 bind9 - security update

Bulletin has no description...

7.5CVSS7.2AI score0.99995EPSS
Exploits1
OSV
OSV
added 2024/02/09 6:15 p.m.42 views

CVE-2023-50292

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

7.5CVSS7.1AI score0.01564EPSS
Exploits0References2
OSV
OSV
added 2024/01/30 3:50 p.m.42 views

CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

3.5CVSS4.5AI score0.00257EPSS
Exploits0References4
OSV
OSV
added 2024/01/26 9:15 a.m.42 views

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

5.5CVSS6.7AI score
Exploits0References10
OSV
OSV
added 2024/01/17 12:0 p.m.42 views

RUSTSEC-2024-0003 Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...

7.8CVSS7AI score0.82813EPSS
Exploits0References3
OSV
OSV
added 2024/01/16 2:15 p.m.42 views

CVE-2024-0567

A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...

7.5CVSS6.7AI score0.01408EPSS
Exploits1References12
OSV
OSV
added 2024/01/12 12:0 a.m.42 views

DSA-5601-1 php-phpseclib3 - security update

Bulletin has no description...

5.9CVSS6.7AI score0.9378EPSS
Exploits4
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0108 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: timing attack against RSA decryption CVE-2023-5388 For more details about the security issues, including the impact, a CV...

6.5CVSS7.3AI score0.00816EPSS
Exploits0References4
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0155 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 For more details about the security issues,...

5.9CVSS7.1AI score0.01257EPSS
Exploits0References4
OSV
OSV
added 2024/01/10 12:0 a.m.42 views

ALSA-2024:0152 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1...

9.8CVSS7.7AI score0.02868EPSS
Exploits0References8
OSV
OSV
added 2023/12/29 12:0 a.m.42 views

DLA-3697-1 firefox-esr - security update

Bulletin has no description...

8.8CVSS7.2AI score0.20472EPSS
Exploits0
OSV
OSV
added 2023/12/13 11:10 p.m.42 views

GHSA-P6XX-FHFW-7MJ7 Configuration Injection in extension "Direct Mail" (direct_mail)

The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection TYPO3 10.4 and above and to Arbitrary Code Execution TYPO3 9.5 and below. A...

8.8CVSS7AI score0.01517EPSS
Exploits0References3
OSV
OSV
added 2023/12/13 9:26 p.m.42 views

GHSA-3M87-5598-2V4F Withdrawn Advisory: Prometheus XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version...

5.4CVSS6.1AI score0.02736EPSS
Exploits0References12
OSV
OSV
added 2023/12/12 2:15 a.m.42 views

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6AI score0.01133EPSS
Exploits1References6
OSV
OSV
added 2023/12/05 10:46 p.m.42 views

GHSA-MHHP-C3CM-2R86 Test code in published microsoft-graph-core package exposes phpinfo()

Impact The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...

5.4CVSS7.5AI score0.78428EPSS
Exploits5References9
OSV
OSV
added 2023/12/05 12:15 p.m.42 views

CVE-2023-45840

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the...

8.1CVSS7.2AI score
Exploits0References3
OSV
OSV
added 2023/12/01 7:1 a.m.42 views

CVE-2023-4658 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1CVSS4AI score0.00385EPSS
Exploits0References5
OSV
OSV
added 2023/12/01 12:0 a.m.42 views

ASB-A-281061287

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00115EPSS
Exploits0References2
OSV
OSV
added 2023/11/30 11:15 p.m.42 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

8.8CVSS6.9AI score0.0937EPSS
Exploits0References19
OSV
OSV
added 2023/11/21 3:39 p.m.42 views

GO-2023-2334 Denial of service via decryption of malicious PBES2 JWE objects in github.com/go-jose/go-jose/v3

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...

7AI score
Exploits0References2
OSV
OSV
added 2023/11/14 8:48 p.m.42 views

CVE-2023-47627 Request smuggling in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...

5.3CVSS6.6AI score0.0085EPSS
Exploits1References8
OSV
OSV
added 2023/11/14 8:30 p.m.42 views

CVE-2023-47130 Unsafe deserialization of user data in yiisoft/yii

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

8.1CVSS9.4AI score0.03147EPSS
Exploits0References5
OSV
OSV
added 2023/11/14 12:0 a.m.42 views

ALSA-2023:7151 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.8CVSS8.9AI score0.27095EPSS
Exploits3References4
OSV
OSV
added 2023/11/09 9:30 p.m.42 views

GHSA-28GC-4QQ5-8Q26 Moodle Cross-site Scripting vulnerability

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content...

6.1CVSS5.2AI score0.00506EPSS
Exploits0References6
OSV
OSV
added 2023/11/07 12:0 a.m.42 views

ALSA-2023:6635 Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References10
OSV
OSV
added 2023/11/06 4:15 p.m.42 views

CVE-2023-5678

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.2AI score
Exploits0References9
OSV
OSV
added 2023/11/06 7:33 a.m.42 views

BIT-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS5.7AI score0.02221EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/11/06 7:32 a.m.42 views

BIT-2020-2752

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS5.7AI score0.02317EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/10/24 6:36 p.m.42 views

RLSA-2023:5742 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 For more details about the security issues, including the...

5.3CVSS6.4AI score0.014EPSS
Exploits0References3
OSV
OSV
added 2023/10/23 12:0 a.m.42 views

DLA-3629-1 ceph - security update

Bulletin has no description...

9.8CVSS6.5AI score0.0461EPSS
Exploits1
OSV
OSV
added 2023/10/20 5:15 p.m.42 views

PYSEC-2023-217

Cross-Site Request Forgery CSRF in GitHub repository modoboa/modoboa prior to 2.2.2...

8.8CVSS7.2AI score0.00428EPSS
Exploits1References5
OSV
OSV
added 2023/10/18 9:22 p.m.42 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.4AI score0.00449EPSS
Exploits0References4
OSV
OSV
added 2023/10/18 12:0 a.m.42 views

ALSA-2023:5837 Important: nghttp2 security update

nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
OSV
OSV
added 2023/10/17 1:48 p.m.42 views

GHSA-V23W-PPPM-JH66 Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

7.5CVSS7.5AI score0.00901EPSS
Exploits0References8
OSV
OSV
added 2023/10/16 8:15 p.m.42 views

CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2023/10/10 6:31 p.m.42 views

GHSA-5MFX-4WCX-RV27 Azure Identity SDK Remote Code Execution Vulnerability

Azure Identity SDK is vulnerable to remote code execution...

8.8CVSS8.8AI score0.02243EPSS
Exploits0References4
OSV
OSV
added 2023/10/06 10:57 p.m.42 views

RLSA-2023:5455 Important: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

7.8CVSS8.1AI score0.81422EPSS
Exploits27References5
OSV
OSV
added 2023/10/06 12:0 a.m.42 views

DLA-3605-1 grub2 - security update

Bulletin has no description...

7.8CVSS6.4AI score0.00536EPSS
Exploits2
OSV
OSV
added 2023/09/28 9:54 p.m.42 views

CVE-2023-43662 Arbitrary file read vulnerability in Shoko Server

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS8.9AI score0.08147EPSS
Exploits1References4
OSV
OSV
added 2023/09/25 12:15 p.m.42 views

PYSEC-2023-177

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component...

9.8CVSS9.2AI score0.01334EPSS
Exploits1References3
OSV
OSV
added 2023/09/20 12:0 a.m.42 views

DLA-3575-1 python2.7 - security update

Bulletin has no description...

9.8CVSS8.1AI score0.35963EPSS
Exploits10
OSV
OSV
added 2023/09/14 7:33 p.m.42 views

GHSA-GW5P-Q8MJ-P7GH Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...

2.2CVSS4.6AI score0.00605EPSS
Exploits0References8
OSV
OSV
added 2023/09/12 7:57 p.m.42 views

GHSA-H3HV-63Q5-JGPR Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

6.5CVSS6.9AI score0.04661EPSS
Exploits0References4
OSV
OSV
added 2023/08/31 5:59 p.m.42 views

CVE-2023-41045 Insecure source port usage for DNS queries in Graylog

Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice sin...

3.7CVSS5.3AI score0.00295EPSS
Exploits1References5
OSV
OSV
added 2023/08/31 10:15 a.m.42 views

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

7.5CVSS6.9AI score
Exploits0References9
OSV
OSV
added 2023/08/30 9:3 p.m.42 views

CVE-2023-41041 User session is still usable after logout in graylog2-server

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...

2.6CVSS4.2AI score0.00411EPSS
Exploits1References4
OSV
OSV
added 2023/08/27 12:0 a.m.42 views

DLA-3543-1 rar - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/26 12:0 a.m.42 views

DLA-3542-1 unrar-nonfree - security update

Bulletin has no description...

7.8CVSS7.8AI score0.1308EPSS
Exploits1
OSV
OSV
added 2023/08/22 12:0 a.m.42 views

DLA-3537-1 intel-microcode - security update

Bulletin has no description...

7.2CVSS7AI score0.03882EPSS
Exploits1
OSV
OSV
added 2023/08/14 12:0 a.m.42 views

ALSA-2023:4634 Important: rust security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS7AI score0.00763EPSS
Exploits0References4
Total number of security vulnerabilities5000