
1155 matches found

NVD
added 2022/09/06 8:15 p.m., 15 views

CVE-2022-36058

Elrond-go is the Go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

CVSS 7.5, EPSS 0.00952
Exploits: 1, References: 3
CVE
added 2022/09/06 8:10 p.m., 74 views

CVE-2022-36058

Elrond-go (github.com/ElrondNetwork/elrond-go) prior to version 1.3.34 is affected by CVE-2022-36058 due to a MultiESDTNFTTransfer call with a missing function name in SC addresses. The issue is confirmed in multiple sources (Red Hat, NVD, OSV, GHSA) and is triggered when processing certain Multi...

CVSS 7.5, AI score 7.4, EPSS 0.00952
Exploits: 1, References: 3, Affected Software: 1
GitLab Advisory Database
added 2022/09/06 12:0 a.m., 25 views

Improper Input Validation

Elrond-go is the Go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

CVSS 7.5, AI score 3.5, EPSS 0.00952
Exploits: 1, References: 5, Affected Software: 1
BDU FSTEC
added 2022/09/05 12:0 a.m., 6 views

The vulnerability of the Web Services sub-component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows attackers to cause service failures.

The vulnerability of the Web Services sub-component of the Oracle WebLogic Server application server within the Oracle Fusion Middleware software platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using...

CVSS 5.3, AI score 6.3, EPSS 0.0088
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2022/09/05 12:0 a.m., 7 views

The vulnerability of the Core component of the Oracle Coherence data processing software platform allows a hacker to trigger a service failure.

The vulnerability of the Core component of the Oracle Coherence data processing software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures using the specially crafted T3 network protocol...

CVSS 7.8, AI score 6.6, EPSS 0.0081
Exploits: 0, References: 3, Affected Software: 1
OpenVAS
added 2022/08/26 12:0 a.m., 33 views

Ubuntu: Security Advisory (USN-4185-2)

The remote host is missing an update for the...

CVSS 6.5, AI score 7.5, EPSS 0.03133
Exploits: 0, References: 3
OpenVAS
added 2022/08/26 12:0 a.m., 13 views

Ubuntu: Security Advisory (USN-1093-1)

The remote host is missing an update for the...

CVSS 8.3, AI score 7.7, EPSS 0.17009
Exploits: 85, References: 4
BDU FSTEC
added 2022/08/26 12:0 a.m., 5 views

The vulnerability of the OSPFv3 network protocol implementation in Cisco NX-OS network operating systems allows an attacker to cause a service failure.

The vulnerability of the OSPFv3 network protocol implementation in Cisco NX-OS network operating systems involves a lack of checks for buffer size and reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 7.8, AI score 7.7, EPSS 0.01022
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2022/07/15 12:0 a.m., 3 views

Honeywell Alerton Ascent Control Module security vulnerability

The Honeywell Alerton Ascent Control Module is a high performance, BACnet-compliant, integrated building controller and router from Honeywell, USA. It can support BACnet/Ethernet, BACnet/IP and BACnet/MSTP. A security vulnerability exists in Honeywell Alerton Ascent Control Module ACM versions...

CVSS 8, AI score 7.7, EPSS 0.01174
Exploits: 0, References: 4
Ubuntu
added 2022/07/13 6:39 p.m., 80 views

USN-5513-1: Linux kernel (AWS) vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetoo...

CVSS 7.9, AI score 6.9, EPSS 0.06451
Exploits: 9
BDU FSTEC
added 2022/07/06 12:0 a.m., 4 views

The vulnerability of the OSPF network protocol implementation in the microcomputer-based switching devices SCALANCE of the XM-400 and XR-500 series allows an intruder to trigger a service failure.

The vulnerability of the OSPF network protocol implementation in the microcomputer-based switching devices SCALANCE models XM-400 and XR-500 is related to the lack of integrity checks. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.8, AI score 7.1, EPSS 0.00588
Exploits: 0, References: 2, Affected Software: 7
RedHat Linux
added 2022/07/01 12:52 a.m., 5 views

rsyslog: Heap-based overflow in TCP syslog server

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

CVSS 8.1, AI score 8, EPSS 0.03821
Exploits: 0, References: 5
CNNVD
added 2022/06/28 12:0 a.m., 17 views

Advantech iView command injection vulnerability

Advantech iView, a Simple Network Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices, is vulnerable to a command injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which stems from the use of a special element in a command that is not...

CVSS 9.8, AI score 6.2, EPSS 0.59184
Exploits: 4, References: 7
CNNVD
added 2022/06/28 12:0 a.m., 3 views

Advantech iView SQL injection vulnerability

Advantech iView is a software based on Simple Network Protocol (SNMP) for managing B+B SmartWorx devices from Advantech, China. iView is vulnerable to a SQL injection vulnerability, which is caused by a special element used in SQL commands that is not neutralized and can be exploited to obtain...

CVSS 4.9, AI score 5.9, EPSS 0.00796
Exploits: 0, References: 5
CNNVD
added 2022/06/28 12:0 a.m., 4 views

Advantech iView SQL injection vulnerability

Advantech iView is a Simple Network Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. information...

CVSS 8.1, AI score 5.4, EPSS 0.00758
Exploits: 0, References: 5
BDU FSTEC
added 2022/06/27 12:0 a.m., 11 views

The vulnerability of the Core server component of Oracle WebLogic Server allows an attacker to trigger a service failure.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using network T3/IIOP protocols...

CVSS 7.8, AI score 6.9, EPSS 0.01265
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2022/06/23 12:0 a.m., 3 views

The vulnerability of the Core component of the Oracle Coherence data processing software allows a hacker to execute arbitrary code.

The vulnerability of the Core component of the Oracle Coherence software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using the specially crafted T3 network protocol...

CVSS 9.3, AI score 8.2, EPSS 0.01561
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2022/06/07 12:0 a.m., 6 views

The vulnerability of the Designer sub-component of the Oracle WebCenter Forms Recognition software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause a service failure.

The vulnerability of the Designer sub-component of the Oracle WebCenter Forms Recognition software platform is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, or add data, or cause a service...

CVSS 7.5, AI score 6.7, EPSS 0.1133
Exploits: 4, References: 7, Affected Software: 1
Github Security Blog
added 2022/05/17 1:45 a.m., 21 views

OpenStack Compute (Nova) Improper Input Validation

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

CVSS 4.3, AI score 7.3, EPSS 0.02626
Exploits: 1, References: 10, Affected Software: 1
OSV
added 2022/05/17 1:45 a.m., 3 views

GHSA-46R8-9CJ7-PW6G OpenStack Compute (Nova) Improper Input Validation

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

CVSS 4.3, AI score 6.5, EPSS 0.02626
Exploits: 1, References: 10