Lucene search
+L

14 matches found

snyk
snyk
added 2026/06/23 9:22 p.m.5 views

Incomplete List of Disallowed Inputs

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...

9.2CVSS5.8AI score0.00695EPSS
Exploits0References2
osv
osv
added 2026/06/23 9:17 p.m.5 views

DEBIAN-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References1
osv
osv
added 2026/06/23 9:17 p.m.4 views

UBUNTU-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References6
euvd
euvd
added 2025/12/10 9:31 p.m.5 views

EUVD-2025-202584

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

7.8CVSS7.5AI score0.01137EPSS
Exploits1References7
ics
ics
added 2025/12/10 4:46 p.m.4 views

Windscribe for Linux 'changeMTU' local privilege escalation

RISK EVALUATION A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...

7.8CVSS7.8AI score0.01137EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-30081

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01209EPSS
Exploits1References4
patchstack
patchstack
added 2025/08/26 9:49 p.m.6 views

WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability discovered by Webbernaut in WordPress Plugin Lazy Load for Videos versions = 2.18.7...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1Affected Software1
prion
prion
added 2023/10/17 11:15 p.m.15 views

Buffer overflow

Connected Vehicle Systems Alliance COVESA up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dltcommon.c...

5CVSS7.7AI score0.00906EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2023/10/17 12:0 a.m.8 views

PT-2023-25534 · Covesa +1 · Covesa +1

Name of the Vulnerable Software and Affected Versions: Connected Vehicle Systems Alliance COVESA versions up to 2.18.8 Description: The issue is related to a buffer overflow in the Connected Vehicle Systems Alliance COVESA software. This buffer overflow occurs via the component /shared/dlt...

7.5CVSS7AI score0.01209EPSS
Exploits6References25
ptsecurity
ptsecurity
added 2023/02/27 12:0 a.m.4 views

PT-2023-20567 · Covesa +1 · Dlt-Daemon +1

Name of the Vulnerable Software and Affected Versions: dlt-daemon versions through 2.18.8 Description: An issue was discovered in the Connected Vehicle Systems Alliance COVESA; formerly GENIVI dlt-daemon. Dynamic memory is not released after it is allocated in dlt-control-common.c. Recommendation...

7.5CVSS6.6AI score0.01209EPSS
Exploits6References25
cnnvd
cnnvd
added 2023/02/27 12:0 a.m.9 views

dlt-daemon 安全漏洞

The dlt-daemon is the DLT communication interface for ECUs in the GlobalGENIVI community. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A security vulnerability exists in dlt-daemo version 2.18.8 and earlie...

7.5CVSS7.2AI score0.01209EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/09/27 12:0 a.m.7 views

dlt-daemon 代码问题漏洞

Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A denial of service vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...

5.5CVSS6.7AI score0.00417EPSS
Exploits3References6
attackerkb
attackerkb
added 2022/06/16 4:15 p.m.3 views

CVE-2022-31291

An issue in dltconfigfileparser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets...

7.5CVSS7.1AI score0.00992EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/06/16 12:0 a.m.14 views

PT-2022-20669 · Unknown · Dlt-Daemon

Name of the Vulnerable Software and Affected Versions: dlt-daemon version 2.18.8 Description: An issue in the dlt config file parser.c file allows attackers to cause a double free via crafted TCP packets. This can be exploited by sending specifically crafted packets to the affected system...

9.8CVSS7.3AI score0.04227EPSS
Exploits1References20
Rows per page
Query Builder