Lucene search
K

283 matches found

Cvelist
Cvelist
added 2023/07/17 12:0 a.m.34 views

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...

9.2AI score0.01059EPSS
Exploits0References3
Citrix
Citrix
added 2023/06/26 12:0 a.m.9 views

WEM Server Failed to Connect Database after SQL AlwaysOn Failover to Secondary

User has followed Citrix Doc below to setup AlwaysOn for WEM: https://docs.citrix.com/en-us/workspace-environment-management/current-release/system-requirements.htmlsql-server-always-on However, the WEM server won't be able to connect AlwaysOn database after a failover from primary SQL to...

7.6AI score
Exploits0
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.3 views

Atlas Copco Power Focus 安全漏洞

Atlas Copco Power Focus is a universal tightening system from Atlas Copco Sweden that connects to a wide range of Atlas Copco assembly tools to provide you with a full platform assembly solution. A security vulnerability exists in the Atlas Copco Power Focus 6000 that stems from the server making...

9.4CVSS7.3AI score0.00341EPSS
Exploits0References2
Prion
Prion
added 2023/05/16 5:15 p.m.28 views

Security feature bypass

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method...

4CVSS6.3AI score0.00578EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.6 views

Vulnerability of the Server component: The Connection Handling module of the MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the MySQL Server component, which handles database connections, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

3.3CVSS6.3AI score0.00989EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.4 views

PT-2023-2534 · Oracle +4 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.40 and prior MySQL Server versions 8.0.31 and prior Description: The issue is related to insufficient input validation in the Server: Connection Handling component of MySQL Server, allowing a remote attacker to cause...

9.8CVSS6.8AI score0.78483EPSS
Exploits10References338
CVE
CVE
added 2023/04/17 12:0 a.m.39 views

CVE-2023-24504

The CVE-2023-24504 entry concerns Electra Central AC units. Reported vulnerability: an adjacent attacker could cause the unit to connect to an unauthorized update server. Public sources corroborate an impact on update server trust and potential control over update behavior; however, the documents...

7.5CVSS6.6AI score0.00271EPSS
Exploits0References1Affected Software1
Citrix
Citrix
added 2023/04/06 12:0 a.m.15 views

Fail to launch SF resources: SSL Error 59

Fail to launch SF resources: Unable to connect the server. Contact your system administrator with the the following error: SSL Error 59: The server sent a security certificate identifying "www.xxxx.com", the SSL connection was to "SRA.XXXXX.COM.CN"...

7.1AI score
Exploits0
OSV
OSV
added 2023/02/24 3:15 p.m.2 views

DEBIAN-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS7.3AI score0.01481EPSS
Exploits0References1
OSV
OSV
added 2023/02/15 2:15 p.m.5 views

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

8.8CVSS7.2AI score0.00455EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.2 views

SUSE CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection...

3.7CVSS8.4AI score0.03764EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5443

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection...

4.7CVSS7.5AI score0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.8 views

CVE-2023-23848

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.0052EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/02/15 12:0 a.m.30 views

CVE-2023-25768

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...

6.5CVSS6.7AI score0.00639EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/18 12:0 a.m.53 views

Oracle MySQL Server 5.7.x < 5.7.41 (Jan 2023 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging cURL. Supported versions that are affected are 5.7.40 and pri...

9.8CVSS6.2AI score0.04325EPSS
Exploits1References5
OSV
OSV
added 2022/11/01 6:15 p.m.2 views

ALPINE-CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS7.5AI score0.92488EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2022/10/20 12:0 a.m.36 views

Oracle MySQL Server (Oct 2022 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 5.7.39 and...

5.3CVSS5.5AI score0.04425EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.12 views

PT-2022-5170 · Oracle +7 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.30 and prior Description: The issue is related to insufficient input validation in the Server: Connection Handling component of MySQL Server. This allows a high-privileged...

9.8CVSS7.1AI score0.78483EPSS
Exploits10References401
CNVD
CNVD
added 2022/06/30 12:0 a.m.29 views

Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability

Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...

7.8CVSS2AI score0.00418EPSS
Exploits0References1
Prion
Prion
added 2022/06/24 1:15 p.m.16 views

Design/Logic Flaw

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...

6.8CVSS7.5AI score0.00418EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder