CVE-2022-41006
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
DEBIAN-CVE-2023-21843
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
PT-2023-4769
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4 Description: The issue is related to the Serialization component in Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an...
CVE-2022-43971 Arbitrary code execution in Linksys WUMC710
An arbitrary code execution vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware = 1.0.02 build3. The dosetNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator...
PT-2022-26993 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 versions 1.0.9/EE Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 routers. Authentication is not required to exploit this issue. The specific flaw...
Dahua software products authorization issue vulnerability
Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in several Dahua software products that stems from an unrestricted ICMP request from its remote DSS server that allows an unauthenticated attacker to bypass firewall access contro...
Open redirect
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...
CVE-2022-41798
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
CVE-2022-43447 Delta Electronics DIAEnergie SQL Injection
SQL Injection in AMEBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service (DoS) attacks. A privileged attacker with network access via multiple protocols is able to compromise the MySQL server, resulting in unauthorized ability to cause a hang or frequently repeatable crash...
CVE-2022-43495
OpenHarmony v3.1.2 and earlier contain a DOS vulnerability in the distributedhardware_device_manager when joining a network. An attacker can send an abnormal packet during network join, triggering a null pointer dereference and causing the device to reboot. The primary public sources confirm the ...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Replication unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
UBUNTU-CVE-2022-21640
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2022-21615
Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
UBUNTU-CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21637
CVE-2022-21637 affects MySQL Server (InnoDB) with affected versions 8.0.30 and earlier. Root cause involves InnoDB vulnerability leading to a complete DOS (hang/crash) under network access with high privileges. Remediation observed in connected data shows upgrades to MySQL 8.0.32 (e.g., AlmaLinux...
PT-2022-14997 · Oracle · Peoplesoft Enterprise Peopletools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.60 Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction...
CVE-2022-21608
CVE-2022-21608 affects Oracle MySQL Server, specifically the Server: Optimizer component. Affected: MySQL 5.7.39 and earlier and 8.0.30 and earlier. Attack could be executed remotely with high privileges over multiple protocols, potentially causing the server to hang or crash (DoS). Public detail...