
8751 matches found

Rockylinux
added 2022/06/28 8:27 a.m., 33 views

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libxml2 library is a development toolbox providing the implementation of...

CVSS 6.5, AI score 7.5, EPSS 0.0363
Exploits: 5

CNVD
added 2022/06/28 12:00 a.m., 21 views

Espressif ESP-IDF Memory Corruption Vulnerability

Espressif ESP-IDF is an IoT development framework from China Lexin Information Technology Espressif. A memory corruption vulnerability exists in Espressif ESP-IDF, which stems from not checking the SegN field of the Transaction Start PDU, and can be exploited by an attacker during configuration to...

CVSS 8.3, AI score 3.3, EPSS 0.00521
Exploits: 0, Affected Software: 1

Prion
added 2022/06/27 9:15 p.m., 17 views

Design/Logic Flaw

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served ...

CVSS 6.4, AI score 6.5, EPSS 0.02108
Exploits: 1, References: 11, Affected Software: 1

UbuntuCve
added 2022/06/27 9:15 p.m., 33 views

CVE-2022-31081

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served ...

CVSS 7.3, AI score 6.7, EPSS 0.02108
Exploits: 1, References: 8

Debian CVE
added 2022/06/27 12:00 a.m., 56 views

CVE-2022-31081

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served ...

CVSS 7.3, AI score 6.9, EPSS 0.02108
Exploits: 1

OSV
added 2022/06/24 8:15 a.m., 5 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1

NVD
added 2022/06/24 8:15 a.m., 19 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

CVSS 7.5, EPSS 0.00951
Exploits: 0, References: 1

Prion
added 2022/06/24 8:15 a.m., 12 views

Code injection

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

CVSS 4.3, AI score 7.6, EPSS 0.00951
Exploits: 0, References: 1, Affected Software: 10

CVE
added 2022/06/24 7:46 a.m., 82 views

CVE-2022-31805

The CVE-2022-31805 issue affects the CODESYS Development System (multiple components across several versions) where passwords used to authenticate between clients and servers are transmitted in plaintext. Public details in the NVD entry show network-based exploitation with partial confidentiality...

CVSS 7.5, AI score 7.8, EPSS 0.00951
Exploits: 0, References: 1, Affected Software: 10

CNNVD
added 2022/06/24 12:00 a.m., 4 views

CODESYS Development System security vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from the German company 3s-smart Software Solutions. A security vulnerability exists in several components of several versions of the CODESYS...

CVSS 7.5, AI score 7.6, EPSS 0.00951
Exploits: 0, References: 2

Positive Technologies
added 2022/06/24 12:00 a.m., 6 views

PT-2022-20945 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System (affected versions not specified). Description: The issue concerns the transmission of passwords for communication between clients and servers in an unprotected manner. This affects multiple components across various...

CVSS 7.5, AI score 6.6, EPSS 0.00951
Exploits: 0, References: 6

ATTACKERKB
added 2022/06/23 10:00 a.m., 2 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

CVSS 7.5, AI score 5.3, EPSS 0.00951
Exploits: 0, References: 2, Affected Software: 12

BDU FSTEC
added 2022/06/23 12:00 a.m., 8 views

The vulnerability of the Azure Real Time Operating System GUIX Studio in the development environment, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Azure Real Time Operating System GUIX Studio lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

CVSS 7.8, AI score 7.8, EPSS 0.02103
Exploits: 0, References: 5

BDU FSTEC
added 2022/06/23 12:00 a.m., 5 views

The vulnerability of the Azure Real Time Operating System GUIX Studio in the development environment, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Azure Real Time Operating System GUIX Studio lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

CVSS 7.8, AI score 7.8, EPSS 0.02391
Exploits: 0, References: 5

BDU FSTEC
added 2022/06/23 12:00 a.m., 5 views

The vulnerability relates to the set of development tools called Intel Software Guard Extensions SDK, as well as microsoftware such as Intel SGX DCAP and SGX PSW. This vulnerability stems from operations that involve writing to memory beyond the buffer boundaries, allowing attackers to disclose sensitive information.

The vulnerability in the Intel Software Guard Extensions SDK, microsoftware such as Intel SGX DCAP and SGX PSW, is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 5.5, AI score 6.8, EPSS 0.05899
Exploits: 0, References: 8, Affected Software: 5

BDU FSTEC
added 2022/06/23 12:00 a.m., 4 views

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

CVSS 7.8, AI score 7.5, EPSS 0.01063
Exploits: 0, References: 3, Affected Software: 1

Rapid7 Blog
added 2022/06/22 3:00 p.m., 17 views

How to Secure App Development in the Cloud, With Tips From Gartner

Building applications in the cloud has been great for development speed and scalability, but it can sometimes feel more like a sustained migraine for security teams. How do you keep your cloud applications safe without resorting to a dizzying patchwork of overlapping tools and dispersed services?...

AI score 7
Exploits: 0

RedHat Linux
added 2022/06/21 12:40 p.m., 6 views

Moderate: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase to last upstream release...

CVSS 9.8, AI score 6.7, EPSS 0.21514
Exploits: 5, References: 1

OSSF Malicious Packages
added 2022/06/20 9:13 p.m., 3 views

Malicious code in development-guide (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23fee7eb3ceb54ffceb35cd803eddfae751b7889bc90a3fe1afcf309fc7411e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

OSV
added 2022/06/20 9:13 p.m., 6 views

MAL-2022-2456 Malicious code in development-guide (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23fee7eb3ceb54ffceb35cd803eddfae751b7889bc90a3fe1afcf309fc7411e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1