Lucene search
K
OsvMost viewed

907252 matches found

OSV
OSV
•added 2023/04/21 12:0 a.m.•41 views

DLA-3398-1 curl - security update

Bulletin has no description...

9.8CVSS7.2AI score0.01993EPSS
Exploits4
OSV
OSV
•added 2023/04/20 12:0 a.m.•41 views

ALSA-2023:1895 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

7.4CVSS6.8AI score0.02474EPSS
Exploits1References16
OSV
OSV
•added 2023/04/06 12:0 a.m.•41 views

ALSA-2023:1673 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

9.8CVSS8.8AI score0.8377EPSS
Exploits5References4
OSV
OSV
•added 2023/04/04 9:7 p.m.•41 views

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

6.8CVSS7.2AI score0.0144EPSS
Exploits0References10
OSV
OSV
•added 2023/03/31 10:44 p.m.•41 views

GHSA-5X5Q-8CGM-2HJQ Karate has vulnerable dependency on json-smart package (CVE-2023-1370)

Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...

7.5CVSS7.7AI score0.01119EPSS
Exploits1References4
OSV
OSV
•added 2023/03/30 8:17 p.m.•41 views

GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

2.5CVSS6.5AI score0.00327EPSS
Exploits1References4
OSV
OSV
•added 2023/03/28 1:7 p.m.•41 views

RLSA-2023:1405 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...

7.5CVSS7.3AI score0.59501EPSS
Exploits0References5
OSV
OSV
•added 2023/03/27 12:0 a.m.•41 views

DLA-3369-1 runc - security update

Bulletin has no description...

8.5CVSS7.2AI score0.06604EPSS
Exploits2
OSV
OSV
•added 2023/03/16 9:15 p.m.•41 views

PYSEC-2023-50

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.3AI score0.00407EPSS
Exploits0References2
OSV
OSV
•added 2023/03/08 7:30 p.m.•41 views

GO-2023-1621 Incorrect calculation on P256 curves in crypto/internal/nistec

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

5.3CVSS7.4AI score0.00817EPSS
Exploits0References3
OSV
OSV
•added 2023/03/08 4:37 p.m.•41 views

RLSA-2023:1140 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service CVE-2023-23916 For more details about the security issues, including...

6.5CVSS7.6AI score0.01703EPSS
Exploits1References2
OSV
OSV
•added 2023/03/02 11:21 p.m.•41 views

GHSA-59FQ-727J-HM3F keycloak-connect contains Open redirect vulnerability in the Node.js adapter

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none...

6.1CVSS6.3AI score0.00399EPSS
Exploits0References5
OSV
OSV
•added 2023/02/28 6:15 p.m.•41 views

CVE-2023-27320

Sudo before 1.9.13p2 has a double free in the per-command chroot feature...

7.2CVSS7.2AI score
Exploits0References8
OSV
OSV
•added 2023/02/28 12:0 a.m.•41 views

ALSA-2023:0946 Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RS...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References18
OSV
OSV
•added 2023/02/23 8:15 p.m.•41 views

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature...

6.1CVSS6.4AI score0.0055EPSS
Exploits0References2
OSV
OSV
•added 2023/02/16 8:46 p.m.•41 views

GHSA-R6CH-MQF9-QC9W Regular Expression Denial of Service in Headers

Impact The Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize utility function...

7.5CVSS7.1AI score0.01304EPSS
Exploits0References6
OSV
OSV
•added 2023/02/16 3:15 p.m.•41 views

CVE-2023-22578

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections...

9.8CVSS9.6AI score0.00831EPSS
Exploits0References2
OSV
OSV
•added 2023/02/08 12:30 a.m.•41 views

GHSA-2QXP-XMX6-CQ4F Cross-Site Request Forgery (CSRF) in wallabag/wallabag

Cross-Site Request Forgery CSRF in GitHub repository wallabag/wallabag prior to 2.5.4...

6.5CVSS6.5AI score0.00301EPSS
Exploits1References4
OSV
OSV
•added 2023/02/07 10:57 p.m.•41 views

GHSA-33M6-Q9V5-62R7 go.uuid has Predictable UUID Identifiers

CVE Description for go.uuid A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...

9.8CVSS9.4AI score0.02307EPSS
Exploits0References10
OSV
OSV
•added 2023/02/07 12:0 p.m.•41 views

RUSTSEC-2023-0006 X.400 address type confusion in X.509 `GeneralName`

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.6AI score0.59501EPSS
Exploits0References3
OSV
OSV
•added 2023/02/03 6:15 a.m.•41 views

CVE-2023-25136

OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One...

6.5CVSS6.9AI score0.89955EPSS
Exploits10References16
OSV
OSV
•added 2023/02/01 6:48 p.m.•41 views

GHSA-3GV2-29QC-V67M Symfony vulnerable to Session Fixation of CSRF tokens

Description ----------- When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performin...

6.3CVSS7AI score0.0079EPSS
Exploits0References9
OSV
OSV
•added 2023/01/26 9:30 p.m.•41 views

GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
OSV
OSV
•added 2023/01/23 2:30 p.m.•41 views

RLSA-2023:0328 Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputi...

7.5CVSS7.2AI score0.01544EPSS
Exploits1References5
OSV
OSV
•added 2023/01/18 6:23 p.m.•41 views

GHSA-P84V-45XJ-WWQJ ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 5.2.8.15 Rails LTS, 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in...

7.5CVSS7.5AI score0.01695EPSS
Exploits0References8
OSV
OSV
•added 2023/01/18 12:30 a.m.•41 views

GHSA-5PM2-9MR2-3FRQ Component takeover in Oracle Data Provider for .NET

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

7.5CVSS7.5AI score0.00594EPSS
Exploits0References4
OSV
OSV
•added 2023/01/12 8:25 a.m.•41 views

RLSA-2023:0099 Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

6.5CVSS6.4AI score0.00281EPSS
Exploits0References3
OSV
OSV
•added 2023/01/11 12:0 a.m.•41 views

DSA-5315-1 libxstream-java - security update

Bulletin has no description...

8.2CVSS7.7AI score0.08689EPSS
Exploits1
OSV
OSV
•added 2023/01/10 10:27 p.m.•41 views

GHSA-8GCG-VWMW-RXJ4 Flarum notifications can leak restricted content

Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through...

6.8CVSS5.9AI score0.00397EPSS
Exploits0References5
OSV
OSV
•added 2023/01/01 12:0 a.m.•41 views

ASB-A-242703780

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00238EPSS
Exploits0References2
OSV
OSV
•added 2022/12/22 8:15 p.m.•41 views

CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5CVSS3.4AI score
Exploits0References4
OSV
OSV
•added 2022/12/16 11:41 p.m.•41 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

5.8CVSS7.8AI score0.0059EPSS
Exploits0References5
OSV
OSV
•added 2022/12/14 9:30 p.m.•41 views

GHSA-7GPW-FRPH-FWRG TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)

An issue was discovered in the fpmasterquiz aka Master-Quiz extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers...

6.5CVSS6.4AI score0.00364EPSS
Exploits0References5
OSV
OSV
•added 2022/12/13 3:15 p.m.•41 views

CVE-2022-45685

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...

7.5CVSS7.4AI score
Exploits0References3
OSV
OSV
•added 2022/12/09 5:49 p.m.•41 views

CVE-2022-23478 Out of Bound Write in xrdp

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Write in xrdpmmtransprocessdrdynvcchannelopen function. There are no known workarounds for this issue. Users are advised to upgrade...

9.1CVSS7.7AI score0.00799EPSS
Exploits0References4
OSV
OSV
•added 2022/12/07 12:0 a.m.•41 views

DLA-3227-1 ruby-rails-html-sanitizer - security update

Bulletin has no description...

6.1CVSS6.3AI score0.2914EPSS
Exploits1
OSV
OSV
•added 2022/12/05 10:15 p.m.•41 views

CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling...

6.5CVSS1.4AI score
Exploits0References3
OSV
OSV
•added 2022/11/26 12:0 a.m.•41 views

DLA-3206-1 heimdal - security update

Bulletin has no description...

9.8CVSS7.5AI score0.06419EPSS
Exploits1
OSV
OSV
•added 2022/11/14 12:0 a.m.•41 views

DLA-3187-1 dropbear - security update

Bulletin has no description...

7.5CVSS7.5AI score0.01348EPSS
Exploits0
OSV
OSV
•added 2022/11/09 12:0 a.m.•41 views

DLA-3183-1 webkit2gtk - security update

Bulletin has no description...

8.8CVSS7.2AI score0.01508EPSS
Exploits0
OSV
OSV
•added 2022/11/08 12:0 a.m.•41 views

ALSA-2022:7444 Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 Race condition in VTRESIZEX ioctl when vcconsi.d is...

8.6CVSS8.9AI score0.12746EPSS
Exploits21References52
OSV
OSV
•added 2022/11/01 11:55 p.m.•41 views

GO-2022-1095 Unsanitized NUL in environment variables on Windows in syscall and os/exec

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

7.5CVSS7.5AI score0.00778EPSS
Exploits0References3
OSV
OSV
•added 2022/11/01 12:0 a.m.•41 views

ALSA-2022:7288 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full strength general purpose cryptography library. Security Fixes: OpenSSL: X.509 Email Address Buffer Overflow CVE-2022-3602 OpenSSL: X.509 Email Address Variable Length...

7.5CVSS7.8AI score0.91153EPSS
Exploits6References6
OSV
OSV
•added 2022/10/29 7:15 p.m.•41 views

CVE-2022-41974

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

7.8CVSS7.8AI score
Exploits0References13
OSV
OSV
•added 2022/10/26 12:0 a.m.•41 views

DLA-3160-1 tomcat9 - security update

Bulletin has no description...

7.5CVSS6.4AI score0.71653EPSS
Exploits20
OSV
OSV
•added 2022/10/25 7:23 a.m.•41 views

RLSA-2022:7108 Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

8.1CVSS8.3AI score0.01067EPSS
Exploits0References3
OSV
OSV
•added 2022/10/25 12:0 a.m.•41 views

ALSA-2022:7134 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: a use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 kernel: information leak in...

7.8CVSS7.4AI score0.06214EPSS
Exploits7References15
OSV
OSV
•added 2022/10/24 12:0 a.m.•41 views

DLA-3157-1 bluez - security update

Bulletin has no description...

9.1CVSS7.7AI score0.01808EPSS
Exploits4
OSV
OSV
•added 2022/10/21 12:0 a.m.•41 views

CVE-2022-3598

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b...

5.5CVSS6.4AI score0.00938EPSS
Exploits1References7
OSV
OSV
•added 2022/10/20 2:15 p.m.•41 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS5.4AI score0.02422EPSS
Exploits1References2
Total number of security vulnerabilities5000