Lucene search

9459 matches found

Cvelist
added 2022/04/19 8:36 p.m., 20 views

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 5.1 | EPSS 0.0129
Exploits: 0 | References: 2

Vulnrichment
added 2022/04/19 8:36 p.m., 8 views

CVE-2022-21412

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 5.8 | EPSS 0.01321
Exploits: 0 | References: 2

Cvelist
added 2022/04/19 8:36 p.m., 12 views

CVE-2022-21412

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 5.1 | EPSS 0.01321
Exploits: 0 | References: 2

CVE
added 2022/04/19 8:36 p.m., 339 views

CVE-2022-21412

CVE-2022-21412 involves Oracle MySQL Server (component: Server: Optimizer) with affected versions 8.0.28 and earlier. An attacker with network access and high privileges can cause the server to hang or crash (complete DOS). Public advisories confirm fixes in subsequent MySQL releases across distr...

CVSS 4.9 | AI score 4.8 | EPSS 0.01321
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/04/19 8:36 p.m., 108 views

CVE-2022-21410

CVE-2022-21410 affects Oracle Database Server, specifically the Enterprise Edition Sharding component in 19c. The vulnerability allows a high-privileged attacker (requiring Create Any Procedure privilege) with network access via Oracle Net to compromise Sharding, potentially leading to takeover o...

CVSS 7.2 | AI score 7.1 | EPSS 0.01085
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/04/19 8:36 p.m., 8 views

CVE-2022-21410

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to...

CVSS 7.2 | AI score 6.5 | EPSS 0.01085
Exploits: 0 | References: 1

CVE
added 2022/04/19 8:36 p.m., 84 views

CVE-2022-21405

CVE-2022-21405 affects Oracle OSS Support Tools (component: Oracle Explorer) with affected version 18.3. The vulnerability enables a high-privilege attacker who can log on to the infrastructure running OSS Support Tools to compromise the tooling; exploitation requires user interaction and may imp...

CVSS 5.5 | AI score 4.9 | EPSS 0.00272
Exploits: 0 | References: 1 | Affected Software: 1

ICS
added 2022/04/19 12:00 a.m., 65 views

Automated Logic WebCTRL

1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Low attack complexity/exploitable remotely Vendor: Automated Logic is a part of Carrier Global Corporation Equipment: WebCtrl Server Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

CVSS 6.1 | AI score 5.7 | EPSS 0.00636
Exploits: 0 | References: 5

GithubExploit
added 2022/04/18 6:46 a.m., 990 views

Exploit for Prototype Pollution in Qs_Project Qs

PoC exploit for CVE-2022-24999, a qs prototype poisoning vulnera...

CVSS 7.5 | AI score 8.7 | EPSS 0.14663
Exploits: 2

WPVulnDB
added 2022/04/18 12:00 a.m., 26 views

MapSVG < 6.2.20 - Unauthenticated SQLi

The plugin does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. PoC https://example.com/wp-json/mapsvg/v1/maps/2?id=1%27%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5b--+...

CVSS 9.8 | AI score 1.5 | EPSS 0.08775
Exploits: 2 | Affected Software: 1

Tenable Nessus
added 2022/04/18 12:00 a.m., 44 views

EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2022-1416)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

CVSS 8.1 | AI score 6.7 | EPSS 0.0187
Exploits: 2 | References: 4

FreeBSD
added 2022/04/16 12:00 a.m., 75 views

MySQL -- Multiple vulnerabilities

Oracle reports: The 2022 April Critical Patch Update contains 43 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

CVSS 7.5 | AI score 7.3 | EPSS 0.78854
Exploits: 2 | References: 1

Tenable Nessus
added 2022/04/14 12:00 a.m., 40 views

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:1176-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1176-1 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on differe...

CVSS 8.8 | AI score 7.9 | EPSS 0.1446
Exploits: 7 | References: 20

OSV
added 2022/04/13 12:00 a.m., 29 views

GHSA-RVG5-F5FJ-MXVG Cross-site Scripting in Jenkins Credentials Plugin

Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4 | AI score 5.6 | EPSS 0.81501
Exploits: 0 | References: 2

Github Security Blog
added 2022/04/13 12:00 a.m., 33 views

Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags and more parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of...

CVSS 5.4 | AI score 5.7 | EPSS 0.02335
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/04/13 12:00 a.m., 21 views

Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.6 | EPSS 0.00795
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/04/13 12:00 a.m., 27 views

GHSA-PV7P-C7CP-VRH3 Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of th...

CVSS 5.4 | AI score 5.6 | EPSS 0.00619
Exploits: 0 | References: 4

WPVulnDB
added 2022/04/13 12:00 a.m., 23 views

SEMA API < 4.02 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users PoC v 3.64: curl http://example.com/wp-admin/admin-ajax.php --data 'action=getsemadata=attributes=-3 UNION ALL...

CVSS 9.8 | AI score 1.5 | EPSS 0.01741
Exploits: 2 | Affected Software: 1

WPVulnDB
added 2022/04/13 12:00 a.m., 26 views

BadgeOS <= 3.7.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users PoC curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievementsonly=trueid=11 AND SELECT 9628 FROM...

CVSS 9.8 | AI score 2.6 | EPSS 0.11485
Exploits: 2 | Affected Software: 1

RedHat Linux
added 2022/04/12 3:07 p.m., 2 views

Mozilla: Use-after-free after VR Process destruction

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash...

CVSS 6.5 | AI score 7.3 | EPSS 0.00724
Exploits: 1 | References: 4