Lucene search
K

23 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in bluez

BlueZ before version 5.59 allows physically nearby attackers to cause a denial of service, as malformed and invalid capabilities can be processed in the profiles/audio/avdtp.c file...

8.8CVSS6.5AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2024/01/31 3:12 p.m.11 views

BIT-CIVICRM-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS5.2AI score0.02537EPSS
Exploits4References2
Prion
Prion
added 2023/05/23 1:15 a.m.15 views

Cross site scripting

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

4.9CVSS5.4AI score0.02537EPSS
Exploits4References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.8 views

PT-2023-20063 · Civicrm +1 · Civicrm +1

Name of the Vulnerable Software and Affected Versions: CiviCRM version 5.59.alpha1 Description: A Stored Cross Site Scripting XSS issue exists in the add contact function, allowing attackers to execute arbitrary code in the first/second name field. Recommendations: For CiviCRM version 5.59.alpha1...

5.4CVSS5.7AI score0.02537EPSS
Exploits4References16
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.36 views

CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.5AI score0.02537EPSS
Exploits4References2
UbuntuCve
UbuntuCve
added 2023/05/23 12:0 a.m.13 views

CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS6.4AI score0.02537EPSS
Exploits4References3
CVE
CVE
added 2023/05/23 12:0 a.m.66 views

CVE-2023-25440

CVE-2023-25440 affects CiviCRM 5.59.alpha1. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Add Contact function, exploitable via the first/second name fields, enabling an attacker to execute arbitrary scripts when the page loads. Multiple connected sources confirm the issue and r...

5.4CVSS5.3AI score0.02537EPSS
Exploits4References2Affected Software1
Debian CVE
Debian CVE
added 2023/05/23 12:0 a.m.18 views

CVE-2023-25440

Stored Cross Site Scripting XSS vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field...

5.4CVSS5.3AI score0.02537EPSS
Exploits4
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.5 views

CiviCRM 跨站脚本漏洞

CiviCRM is an open source, cloud-based member relationship management CRM system developed specifically to meet the needs of nonprofit and association-based organizations. A cross-site scripting vulnerability exists in CiviCRM version 5.59 that stems from the presence of a cross-site scripting XS...

5.4CVSS5.3AI score0.02537EPSS
Exploits4References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:33 a.m.4 views

SUSE CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3CVSS6.7AI score0.02568EPSS
Exploits0References17
OSV
OSV
added 2022/09/02 4:15 a.m.2 views

UBUNTU-CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c...

8.8CVSS6.7AI score0.00611EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2022/09/02 4:15 a.m.45 views

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate paramslen...

8.8CVSS3.6AI score0.00657EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/09/02 4:15 a.m.44 views

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c...

8.8CVSS4.4AI score0.00611EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2022/09/02 4:15 a.m.26 views

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate paramslen...

8.8CVSS6.8AI score0.00657EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/09/02 4:15 a.m.38 views

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c...

8.8CVSS6.8AI score0.00611EPSS
Exploits0References2
OSV
OSV
added 2022/09/02 12:0 a.m.26 views

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate paramslen...

8.8CVSS6.1AI score0.00657EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/09/02 12:0 a.m.48 views

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate paramslen...

8.8CVSS7.2AI score0.00657EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/09/02 12:0 a.m.3 views

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c...

5.8AI score0.00611EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/02 12:0 a.m.2 views

BlueZ 安全漏洞

BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. versions prior to BlueZ 5.59 have an input validation error vulnerability that stems from the failure of the profiles/audio/avrcp.c component to validate...

8.8CVSS6.9AI score0.00657EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/12/07 12:0 a.m.5 views

PT-2022-6907 · Bluez +3 · Bluez +3

Name of the Vulnerable Software and Affected Versions: BlueZ versions prior to 5.59 Description: The issue is related to insufficient input validation in the profiles/audio/avdtp.c component of the BlueZ package. This can be exploited by physically proximate attackers to cause a denial of service...

9.1CVSS6.3AI score0.0229EPSS
Exploits4References66
Rows per page
Query Builder