19 matches found
EUVD-2026-30869
Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
Tenable Nessus Agent < 11.0.4 / 11.1.x < 11.1.2 DoS (TNS-2026-05)
According to its self-reported version, the Tenable Nessus Agent running on the remote host is prior to 11.0.4 or 11.1.x prior to 11.1.2. It is, therefore, affected by a vulnerability as referenced in the TNS-2026-05 advisory. - A vulnerability has been identified where weak file permissions in t...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
CVE-2025-54223 InCopy | Use After Free (CWE-416)
InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
UBUNTU-CVE-2025-0510
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135...
UBUNTU-CVE-2024-9402
Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 131, Firefox ESR...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 - Unauthenticated Remote Code Execution in Cacti...
SUSE CVE-2022-21427
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
SUSE CVE-2022-21451
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
GHSA-6CW3-G6WV-C2XV Infinite Loop in Django
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
CVE-2020-2701
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
Inappropriate SPIP Privileges Vulnerability
SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. A privilege impropriety vulnerability exists in SPIP versions prior to 3.1.11 and 3.2.2 prior to 3.2.5, which can be exploited by an attacker to modify arbitrary published content or make other...
Palo Alto Networks Traps Code Injection Vulnerability
Palo Alto Networks Traps is a suite of endpoint security protection software from Palo Alto Networks, USA. A code injection vulnerability exists in Palo Alto Networks Traps 5.0.5 and prior versions. The vulnerability stems from a network system or product not properly filtering specific elements ...
thunderbird: flaw in verification of S/MIME signature resulting in signature spoofing
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...
mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
JDK: unspecified vulnerability fixed in 7u45 (Deployment)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831...