Lucene search
+L

365 matches found

Positive Technologies
Positive Technologies
added 2022/12/05 12:0 a.m.9 views

PT-2022-26082 · Kyocera · Taskalfa 255C +34

Name of the Vulnerable Software and Affected Versions: Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa...

6.5CVSS6.7AI score0.00491EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/15 1:26 p.m.4 views

webkitgtk: Memory corruption issue leading to arbitrary code execution

A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...

8.8CVSS6AI score0.00869EPSS
Exploits0References5
NVD
NVD
added 2022/11/03 8:15 p.m.15 views

CVE-2022-43495

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...

7.5CVSS0.00616EPSS
Exploits0References1
Prion
Prion
added 2022/11/03 8:15 p.m.16 views

Design/Logic Flaw

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...

5CVSS7.5AI score0.00616EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/03 7:15 p.m.19 views

CVE-2022-43495 An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot.

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...

6.5CVSS7.7AI score0.00616EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/10/25 9:10 a.m.7 views

mysql: Server: DDL unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.4CVSS7.3AI score0.01266EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/25 9:10 a.m.3 views

mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.8CVSS7.3AI score0.01663EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.49 views

PHP 8.0.x < 8.0.24 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

6.5CVSS7.1AI score0.49336EPSS
Exploits2References3
Veracode
Veracode
added 2022/09/30 11:10 a.m.51 views

Insecure Cookie

PHP is vulnerable to Insecure Cookie. The vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7.9AI score0.49336EPSS
Exploits2References17Affected Software8
Cvelist
Cvelist
added 2022/09/28 10:25 p.m.90 views

CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

7.4AI score0.49336EPSS
Exploits2References12
Vulnrichment
Vulnrichment
added 2022/09/28 10:25 p.m.22 views

CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.9AI score0.49336EPSS
Exploits2References12
AlpineLinux
AlpineLinux
added 2022/09/28 10:25 p.m.57 views

CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7.6AI score0.49336EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/09/14 1:47 p.m.4 views

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

7.2CVSS6.8AI score0.01161EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/05 2:41 p.m.2 views

django: Potential directory-traversal via Storage.save()

A directory-traversal flaw was found in Django's Storage.save method, where a network attacker could possibly traverse restricted paths using suitably crafted file names...

5.3CVSS7.1AI score0.02388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/06 12:0 a.m.3 views

PT-2022-6996 · Exim +4 · Exim +4

Name of the Vulnerable Software and Affected Versions: Exim affected versions not specified Description: The issue is related to an out-of-bounds read in the Exim smtp service, which can allow network-adjacent attackers to disclose sensitive information on affected installations of Exim. The...

9.8CVSS6.5AI score0.28084EPSS
Exploits6References60
OSV
OSV
added 2022/05/17 6:15 p.m.7 views

CVE-2022-22775

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting XSS vulnerabilities that allow low privileged attackers with network access to execute scripts...

5.4CVSS6.1AI score0.00487EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/05/10 1:27 p.m.3 views

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A flaw was found in webkitgtk. The vulnerability occurs due to improper memory handling, which can lead to a type confusion issue. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...

9.3CVSS6AI score0.01459EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2022/04/29 7:0 a.m.5 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

4.4CVSS6.2AI score0.01266EPSS
Exploits0
OSV
OSV
added 2022/04/01 11:15 p.m.4 views

CVE-2022-22570

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s UA Lite firmware Version 3.8.28.24 and earlier allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later...

10CVSS7.5AI score0.01027EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.4 views

Elecom elecom lan 安全漏洞

ELECOM lan is a router from ELECOM Japan. A security vulnerability exists in elecom lan routers that allows network-adjacent authenticated attackers to bypass access restrictions and access the product's management screens via unspecified vectors. The following products and versions are affected:...

8.8CVSS7.8AI score0.00429EPSS
Exploits0References3
Rows per page
Query Builder