23 matches found
BIT-JAVA-2022-39399
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...
EUVD-2022-1058
Malicious code in bioql PyPI...
EUVD-2022-0344
Malicious code in bioql PyPI...
CVE-2022-36088
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...
CVE-2022-0575
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0...
CVE-2022-0588
Missing Authorization in Packagist librenms/librenms prior to 22.2.0...
Trimble TM4Web Permissions, Privileges and Access Control Issue Vulnerability
Trimble TM4Web is a virtual simulation platform from Trimble designed to help users create and deploy Web-based virtual reality (VR) and augmented reality (AR) applications. A privilege permission and access control issue vulnerability exists in Trimble TM4Web version 22.2.0 that stems from improper...
OESA-2022-2155 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition...
CVE-2022-21597
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaScript. Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
PT-2022-14979
Name of the Vulnerable Software and Affected Versions Oracle GraalVM Enterprise Edition versions 20.3.7 through 22.2.0 Description An easily exploitable issue exists in the JavaScript component of Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via HTTP can...
CVE-2022-36088 GoCD Windows installations outside default location inadequately restrict installation file permissions
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or...
Twisted Web 21.7.0 < 22.2.0 DoS Vulnerability
Twisted Web is prone to a denial of service (DoS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
UBUNTU-CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
Cross-site Scripting in librenms
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0...
CVE-2022-0580
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0...
PT-2022-13276 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: librenms/librenms versions prior to 22.2.0 Description: The issue is related to improper access control, which can lead to incorrect authorization. This can potentially allow unauthorized access to certain features or data. Recommendations: F...
Nextcloud Server Multiple Vulnerabilities (Oct 2021)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
PT-2021-23152 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.13 Nextcloud Server versions prior to 21.0.5 Nextcloud Server versions prior to 22.2.0 Description: Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and...
Pixar Renderman Input Validation Vulnerability (CNVD-2019-42872)
Pixar Renderman is a rendering application used in animation and movie production. An input validation vulnerability exists in the Installation Assistant tool in version 22.2.0 of Pixar Renderman for Mac OS X-based platforms. A local attacker can exploit the vulnerability to elevate privileges to...