Lucene search
9459 matches found

F5 Networks
added 2023/02/21 6:34 p.m. · 40 views

K52514501: MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617

Security Advisory Description: CVE-2019-2596: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9 · AI score 5.2 · EPSS 0.0281
Exploits: 0
F5 Networks
added 2023/02/21 6:33 p.m. · 51 views

K63470526: MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258

Security Advisory Description: CVE-2018-3203: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

CVSS 8.8 · AI score 6.7 · EPSS 0.03742
Exploits: 0
F5 Networks
added 2023/02/21 6:33 p.m. · 40 views

K41815723: Java SE vulnerability CVE-2017-10078

Security Advisory Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java S...

CVSS 8.1 · AI score 7.5 · EPSS 0.02402
Exploits: 0 · Affected Software: 1
F5 Networks
added 2023/02/21 6:26 p.m. · 61 views

K16898: PKCS #7 vulnerability CVE-2015-1790

Security Advisory Description: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS7 blob tha...

CVSS 5 · AI score 6.7 · EPSS 0.22899
Exploits: 0 · Affected Software: 20
Amazon
added 2023/02/21 12:00 a.m. · 62 views

Important: thunderbird

Issue Overview: An out of date graphics library Angle likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird 78.9 and Firefox ESR 78.9. CVE-2021-4127 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson...

CVSS 9.8 · AI score 9.3 · EPSS 0.23941
Exploits: 3
Positive Technologies
added 2023/02/19 12:00 a.m. · 2 views

PT-2023-16618 · Unknown · Code-Projects Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: codeprojects Pharmacy Management System version 1.0 Description: A critical issue has been found in the Avatar Image Handler component of the file add.php, leading to unrestricted upload. The attack can be initiated remotely. The issue affect...

CVSS 9.8 · AI score 7.2 · EPSS 0.0072
Exploits: 0 · References: 5
Amazon
added 2023/02/17 12:11 a.m. · 45 views

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. CVE-2020-12417 The Mozilla Foundation Security...

CVSS 9.3 · AI score 0.9 · EPSS 0.03034
Exploits: 2
WPVulnDB
added 2023/02/17 12:00 a.m. · 23 views

WP Coder < 2.5.4 - Admin+ SQLi

The plugin does not properly sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 7.2 · AI score 7.1 · EPSS 0.00798
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2023/02/17 12:00 a.m. · 30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2023:0435-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0435-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java ...

CVSS 5.3 · AI score 6.5 · EPSS 0.01836
Exploits: 0 · References: 8
OSV
added 2023/02/15 3:30 p.m. · 32 views

GHSA-PH74-8RGX-64C5 Cross-site Scripting in Jenkins JUnit Plugin

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 5.4 · AI score 6.5 · EPSS 0.00699
Exploits: 0 · References: 4
GitHub Security Blog
added 2023/02/15 3:30 p.m. · 37 views

Cross-site Scripting in Jenkins Pipeline: Build Step Plugin

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names...

CVSS 5.4 · AI score 5.3 · EPSS 0.814
Exploits: 0 · References: 5 · Affected Software: 1
Prion
added 2023/02/15 2:15 p.m. · 21 views

Cross site scripting

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 4.9 · AI score 6.3 · EPSS 0.00699
Exploits: 0 · References: 2 · Affected Software: 1
SUSE CVE
added 2023/02/15 6:21 a.m. · 2 views

SUSE CVE-2003-0790

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a...

AI score 7
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:15 a.m. · 2 views

SUSE CVE-2006-2191

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable...

CVSS 7.5 · AI score 7.9 · EPSS 0.02487
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:38 a.m. · 2 views

SUSE CVE-2013-2218

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list...

CVSS 5 · AI score 6.8 · EPSS 0.08267
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 5:27 a.m. · 3 views

SUSE CVE-2014-6425

The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character...

CVSS 5 · AI score 7.4 · EPSS 0.02811
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 5:21 a.m. · 4 views

SUSE CVE-2015-1850

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none...

AI score 6
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 4:57 a.m. · 2 views

SUSE CVE-2016-7860

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 8.8 · AI score 7.8 · EPSS 0.07301
Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 4:52 a.m. · 2 views

SUSE CVE-2017-2836

An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or u...

CVSS 6.5 · AI score 8.6 · EPSS 0.00953
Exploits: 1 · References: 7
SUSE CVE
added 2023/02/15 4:50 a.m. · 2 views

SUSE CVE-2017-5459

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.8 · AI score 7.4 · EPSS 0.04725
Exploits: 1 · References: 9