MariaDB 10.1.0 < 10.1.30 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.30 advisory. - sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and...
CVE-2022-21608
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
AlmaLinux 9 : java-17-openjdk (ALSA-2022:6999)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6999 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected a...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21618
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...
Host Engineering Communications Module
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Host Engineering Equipment: H0-ECOM100 Communications Module Vulnerability: Stack-based buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
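The Prosody entry above concerns an XML loader that leaves DTD processing enabled, so a document carrying a few nested entity declarations expands to far more data than it contains (CWE-776). The JavaScript below is an added example, not Prosody's code (Prosody itself is written in Lua): it builds a constructed entity-expansion document and a pre-parse guard that either refuses any DOCTYPE outright, or, where a DTD must be accepted, computes how large the document would become from its internal entity declarations and rejects cyclic or oversized expansions before a real parser sees the input. The function names, the constructed document and the 10000-byte budget are this example's own choices.

```javascript
// Added example, not Prosody's code: a pre-parse guard against DTD entity expansion.
// Constructed "billion laughs" style input: four nested entity levels, each repeating
// the previous one ten times, so a single &lol3; reference expands to 3000 characters.
const BOMB_XML = `<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>`;

// Comments and CDATA sections may legitimately contain the text "<!DOCTYPE"; drop them first.
function stripCommentsAndCdata(xml) {
  return xml.replace(/<!--[\s\S]*?-->/g, "").replace(/<!\[CDATA\[[\s\S]*?\]\]>/g, "");
}

const DOCTYPE_RE = /<!DOCTYPE[^\[>]*(?:\[[\s\S]*?\])?\s*>/i;

// General entity declarations from the internal subset: name -> replacement text.
// Parameter entities (<!ENTITY % ...>) and external entities are deliberately not modelled.
function internalEntities(xml) {
  const entities = new Map();
  const m = stripCommentsAndCdata(xml).match(/<!DOCTYPE[^\[>]*\[([\s\S]*?)\]\s*>/i);
  if (!m) return entities;
  const decl = /<!ENTITY\s+([A-Za-z_:][\w.:-]*)\s+(?:"([^"]*)"|'([^']*)')\s*>/g;
  let d;
  while ((d = decl.exec(m[1])) !== null) entities.set(d[1], d[2] !== undefined ? d[2] : d[3]);
  return entities;
}

// Length of `text` once every known entity reference is recursively expanded.
// Throws on a reference cycle; memoises per entity so measuring a nested bomb stays cheap.
function expandedLength(text, entities, stack = new Set(), memo = new Map()) {
  const ref = /&([A-Za-z_:][\w.:-]*);/g;
  let total = 0, last = 0, m;
  while ((m = ref.exec(text)) !== null) {
    total += m.index - last;
    last = ref.lastIndex;
    const name = m[1];
    if (!entities.has(name)) { total += m[0].length; continue; } // &amp;, &lt;, unknown: count literally
    if (stack.has(name)) throw new Error("recursive entity reference: " + name);
    if (!memo.has(name)) {
      stack.add(name);
      memo.set(name, expandedLength(entities.get(name), entities, stack, memo));
      stack.delete(name);
    }
    total += memo.get(name);
  }
  return total + (text.length - last);
}

// The guard. Default policy: no DOCTYPE at all. If a DTD must be accepted, bound the
// expansion a parser would perform and refuse cycles and oversized documents.
function checkXmlInput(xml, { allowDoctype = false, maxExpansion = 10000 } = {}) {
  const cleaned = stripCommentsAndCdata(xml);
  if (!DOCTYPE_RE.test(cleaned)) return { ok: true, reason: "" };
  if (!allowDoctype) return { ok: false, reason: "DOCTYPE declarations are not accepted" };
  try {
    const size = expandedLength(cleaned.replace(DOCTYPE_RE, ""), internalEntities(xml));
    if (size > maxExpansion) {
      return { ok: false, reason: `entity expansion of ${size} bytes exceeds budget ${maxExpansion}` };
    }
    return { ok: true, reason: "" };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

console.log(checkXmlInput(BOMB_XML));
console.log(checkXmlInput(BOMB_XML, { allowDoctype: true, maxExpansion: 1000 }));
```

The scanner only sees the internal subset: declarations pulled in from an external DTD, parameter entities and external (XXE-style) entities are outside its model, which is why the default policy rejects DOCTYPE entirely and the size budget is a fallback for deployments that genuinely need DTDs.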
CVE-2022-31151
A flaw was found in the undici package. After cookie headers are set, they are not cleared. This issue could allow an attacker to take advantage of this cookie, which could be used to control the redirection target. Mitigation: By default, this vulnerability is not exploitable. In order to make su...
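The undici finding above describes a client that keeps the Cookie header it was given while following a redirect, so whoever controls the redirect target receives the credential. The JavaScript below is an added example, not undici's own code: it follows redirects against constructed in-memory responses (the hosts app.example.test and evil.example.test, the functions fakeFetch, headersForRedirect, followRedirects and leakedCredentials, and the header set are all assumptions of this example) and contrasts forwarding every header with dropping credential headers whenever the next hop leaves the current origin.

```javascript
// Added example (not undici's code): which request headers may survive a redirect?
// Credential-bearing headers must not follow the request to a different origin.
const CREDENTIAL_HEADERS = new Set(["cookie", "authorization", "proxy-authorization"]);

// Constructed, in-memory responses standing in for two servers; no network is used.
// app.example.test bounces /profile -> /login -> an attacker-controlled host.
const FAKE_RESPONSES = {
  "https://app.example.test/profile": { status: 302, location: "/login" },
  "https://app.example.test/login": { status: 302, location: "https://evil.example.test/collect" },
  "https://evil.example.test/collect": { status: 200, body: "ok" },
};

function fakeFetch(url, headers) {
  const resp = FAKE_RESPONSES[url];
  if (!resp) throw new Error("no constructed response for " + url);
  return { ...resp, requestHeaders: { ...headers } };
}

// Decide which headers the next hop gets. With stripCrossOrigin=false every header is
// forwarded (the failure mode described above); with true, credential headers are dropped
// when the redirect leaves the current origin and kept for same-origin hops.
function headersForRedirect(headers, fromUrl, toUrl, stripCrossOrigin) {
  const sameOrigin = new URL(fromUrl).origin === new URL(toUrl).origin;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (stripCrossOrigin && !sameOrigin && CREDENTIAL_HEADERS.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Follow redirects, recording the headers actually sent on each hop.
function followRedirects(url, headers, { stripCrossOrigin = true, maxRedirects = 5 } = {}) {
  const hops = [];
  let current = url;
  let currentHeaders = { ...headers };
  for (let i = 0; i <= maxRedirects; i++) {
    const resp = fakeFetch(current, currentHeaders);
    hops.push({ url: current, headers: resp.requestHeaders });
    if (resp.status < 300 || resp.status > 399 || !resp.location) {
      return { finalUrl: current, status: resp.status, hops };
    }
    const next = new URL(resp.location, current).href; // resolves relative Location values
    currentHeaders = headersForRedirect(currentHeaders, current, next, stripCrossOrigin);
    current = next;
  }
  throw new Error("too many redirects");
}

// Names of credential headers that reached a host outside the starting origin.
function leakedCredentials(result, startUrl) {
  const origin = new URL(startUrl).origin;
  const leaked = [];
  for (const hop of result.hops) {
    if (new URL(hop.url).origin === origin) continue;
    for (const name of Object.keys(hop.headers)) {
      if (CREDENTIAL_HEADERS.has(name.toLowerCase())) leaked.push(name);
    }
  }
  return leaked;
}

const DEMO_HEADERS = { Cookie: "session=abc123", Authorization: "Bearer t0k3n", Accept: "text/html" };
const DEMO_START = "https://app.example.test/profile";
const forwardedAll = followRedirects(DEMO_START, DEMO_HEADERS, { stripCrossOrigin: false });
const stripped = followRedirects(DEMO_START, DEMO_HEADERS);
console.log("forward everything, leaked:", leakedCredentials(forwardedAll, DEMO_START));
console.log("strip cross-origin, leaked:", leakedCredentials(stripped, DEMO_START));
```

The same-origin hop (/profile to /login) keeps its cookie in both modes; only the hop to evil.example.test differs, which is the distinction a redirect-following client has to make every time it rewrites the request.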
A malicious delegatee can always block the delegator from undelegating the lock
Lines of code Vulnerability details Impact A user who has delegated his or her voting power to a delegatee can break the delegation only by submitting a lock with a higher expiration time than the delegatee's after a successful call to the increaseUnlockTime function. After that, he has to call the...
CVE-2022-2414
creationtimestamp | type | source
--- | --- | ---
2022-07-29 22:13:43+00:00 | seen | https://t.me/cibsecurity/47279
2022-08-23 15:00:04+00:00 | seen | https://t.me/poxek/2343
2022-08-31 13:04:24+00:00 | seen | https://t.me/ptswarm/146
2022-12-06 14:42:14+00:00 | published-proof-of-concept | ...
Binary Vulnerability in CAD Mini Viewing at Shanghai Xiaosai Technology Co.
CAD Mini Viewer is a DWG viewing tool for quickly viewing DWG drawings outside of AutoCAD. A binary vulnerability exists in CAD Mini Viewer, which attackers can exploit to crash the program...
CVE-2022-21571
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...
CVE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for SECURITY-1955. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this...
GHSA-GPW4-7MCW-M8VX Cross-site Scripting in Jenkins Package Version Plugin
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability requires...
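Both Jenkins entries above are the same pattern: a name that a user with Job/Configure or Item/Configure permission controls is interpolated into a view (a help-icon tooltip attribute in the first case, a parameters table in the second) without HTML escaping. The JavaScript below is an added example and not Jenkins code (Jenkins renders these views server-side in Jelly/Java); it shows the unescaped renderer beside its escaped form for both contexts and a crude tag-count check that makes the difference measurable. The renderer names, the markup templates and the payload are constructed for this example.

```javascript
// Added example, not Jenkins' code: a user-controlled name interpolated into a tooltip
// attribute and into a table cell, first unescaped, then escaped for HTML.

// Escape the five characters that can break out of element text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Help-icon tooltip: the feature name lands inside a title="..." attribute.
// Unsafe variant kept on purpose to show the defect; do not use it.
function renderHelpIconUnsafe(featureName) {
  return `<a class="help-button" title="Help for ${featureName}"><span class="icon-help"></span></a>`;
}
function renderHelpIconSafe(featureName) {
  return `<a class="help-button" title="Help for ${escapeHtml(featureName)}"><span class="icon-help"></span></a>`;
}

// Parameters view: the parameter name and value land in element text.
function renderParameterRowUnsafe(name, value) {
  return `<tr><td class="setting-name">${name}</td><td>${value}</td></tr>`;
}
function renderParameterRowSafe(name, value) {
  return `<tr><td class="setting-name">${escapeHtml(name)}</td><td>${escapeHtml(value)}</td></tr>`;
}

// Count tag openers in rendered markup. A safe renderer must emit exactly the tags of its
// template no matter what the input contains; any extra tag came from the input.
function tagCount(html) {
  return (html.match(/<\/?[A-Za-z]/g) || []).length;
}

// Constructed payload of the kind a user with configure permission would store as a name:
// it closes the title attribute and the <a> tag, then injects an element with a handler.
const PAYLOAD = '"><img src=x onerror=alert(document.domain)>';

console.log(renderHelpIconUnsafe(PAYLOAD), tagCount(renderHelpIconUnsafe(PAYLOAD)));
console.log(renderHelpIconSafe(PAYLOAD), tagCount(renderHelpIconSafe(PAYLOAD)));
```

Escaping at the point of output is what the view must do for every interpolated value; the tag-count check is only a test aid, not a sanitiser, and would not catch attribute-context attacks that do not introduce a new tag.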
BSA-2022-1732
Security Advisory ID : BSA-2022-1732 Component : Oracle Java SE Revision : 1.0 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM...
BSA-2022-1980
Security Advisory ID : BSA-2022-1980 Component : Oracle Java SE Revision : 1.1 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM...
Brandbugle SQL Injection Vulnerability
Brandbugle is an e-commerce application from Brandbugle India. It is vulnerable to SQL injection, which attackers can exploit via /main.php...