Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors....
5.9CVSS
5.5AI Score
0.001EPSS
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS...
7.5CVSS
7.4AI Score
0.007EPSS
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
7.5CVSS
6.6AI Score
0.027EPSS
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would r...
7.5CVSS
7.6AI Score
0.003EPSS
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but....
5.9CVSS
7AI Score
0.001EPSS
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...
7.8CVSS
7.6AI Score
0.001EPSS
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...
7.8CVSS
7.6AI Score
0.001EPSS
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while pa...
3.3CVSS
3.4AI Score
0.001EPSS
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this....
7.8CVSS
7.6AI Score
0.002EPSS
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...
7.8CVSS
7.6AI Score
0.001EPSS
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process...
7.8CVSS
7.6AI Score
0.001EPSS
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...
3.3CVSS
3.6AI Score
0.001EPSS
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability ...
3.3CVSS
3.6AI Score
0.001EPSS
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...
3.3CVSS
3.4AI Score
0.0004EPSS
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID:...
4.3CVSS
4.2AI Score
0.001EPSS
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...
3.3CVSS
3.4AI Score
0.0004EPSS
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...
3.3CVSS
3.4AI Score
0.0004EPSS
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage...
7.8CVSS
7.6AI Score
0.002EPSS
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This coul...
7.1CVSS
6.5AI Score
0.001EPSS
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected...
9.8CVSS
9.4AI Score
0.002EPSS
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
9.8CVSS
9.7AI Score
0.068EPSS