365 matches found
PT-2022-26082 · Kyocera · Taskalfa 255C +34
Name of the Vulnerable Software and Affected Versions: Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa...
webkitgtk: Memory corruption issue leading to arbitrary code execution
A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution...
CVE-2022-43495
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...
Design/Logic Flaw
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...
CVE-2022-43495 An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot.
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot...
mysql: Server: DDL unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...
mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PHP 8.0.x < 8.0.24 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...
Insecure Cookie
PHP is vulnerable to Insecure Cookie. The vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
django: Potential directory-traversal via Storage.save()
A directory-traversal flaw was found in Django's Storage.save method, where a network attacker could possibly traverse restricted paths using suitably crafted file names...
PT-2022-6996 · Exim +4 · Exim +4
Name of the Vulnerable Software and Affected Versions: Exim affected versions not specified Description: The issue is related to an out-of-bounds read in the Exim smtp service, which can allow network-adjacent attackers to disclose sensitive information on affected installations of Exim. The...
CVE-2022-22775
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting XSS vulnerabilities that allow low privileged attackers with network access to execute scripts...
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
A flaw was found in webkitgtk. The vulnerability occurs due to improper memory handling, which can lead to a type confusion issue. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code execution...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
CVE-2022-22570
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s UA Lite firmware Version 3.8.28.24 and earlier allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later...
Elecom elecom lan 安全漏洞
ELECOM lan is a router from ELECOM Japan. A security vulnerability exists in elecom lan routers that allows network-adjacent authenticated attackers to bypass access restrictions and access the product's management screens via unspecified vectors. The following products and versions are affected:...