14 matches found
EUVD-2026-42605
Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mgtlsserverrecvhello, which uses an attacker-controlled sessionidlen byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthenticated...
CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
CVE-2024-5722
creationtimestamp| type| source ---|---|--- 2024-08-13 07:31:39+00:00| published-proof-of-concept| https://t.me/Kelvinseccommunity/730 2024-08-13 07:31:57+00:00| published-proof-of-concept| https://t.me/HackerArsenal/160 2024-08-18 06:23:26+00:00| published-proof-of-concept|...
Objectplanet Opinio Security Vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in Objectplanet Opinio 7.22 and earlier versions, which stems from Ben's use of a cryptographically weak pseudo-random number generator PRNG with predictable seeding, which could lead to the...
ZTE ZXCLOUD iRAI Code Injection Vulnerability
The ZTE ZXCLOUD iRAI is a virtualization appliance from China's ZTE Corporation ZTE. A security vulnerability exists in ZTE ZXCLOUD iRAI version 7.22.11P2 and prior versions, which stems from the program's inability to adequately validate user input. An attacker can exploit the vulnerability to...
PT-2023-19671 · Sap · Sap Host Agent
Name of the Vulnerable Software and Affected Versions: SAP Host Agent Start Service versions 7.21, 7.22 Description: An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent can submit a crafted ConfigureOutsideDiscovery request with an...
SAP Host Agent 安全漏洞
SAP Host Agent is a set of agent programs from SAP, Germany, that support several lifecycle management tasks such as operating system monitoring, database monitoring, and system instance monitoring. A security vulnerability exists in SAP Host Agent Start Service version 7.21 and 7.22. An attacker...
SAP NetWeaver 和 ABAP Platform 安全漏洞
SAP NetWeaver and SAP ABAP Platform are both products of SAP, a service-oriented, integrated application platform. SAP NetWeaver is an integrated service-oriented application platform that provides a development and runtime environment for SAP applications.SAP ABAP Platform is an ABAP-based SAP...
CVE-2019-0318
Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...
mysql: Audit Log unspecified vulnerability (CPU Jul 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Audit Log. Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attack...
Oracle MySQL Server Component Denial of Service Vulnerability (CNVD-2019-07348)
Oracle MySQL is an open source relational database management system from Oracle. The database system is characterized by high performance, low cost, good reliability, etc. MySQL Server is one of the server components. A security vulnerability exists in the Server: DML subcomponent of the MySQL...
Unspecified Vulnerability in Oracle MySQL Server Component (CNVD-2019-07354)
Oracle MySQL is an open source relational database management system from Oracle. The database system is characterized by high performance, low cost, good reliability, etc. MySQL Server is one of the server components. A security vulnerability exists in the Server: Security: Privileges subcompone...
UBUNTU-CVE-2018-3054
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
ImageMagick Buffer Overflow Vulnerability (CNVD-2018-05481)
ImageMagick is the United States ImageMagick Studio, Inc. of a set of open source image processing software. The software can read, convert, write images in a variety of formats. libfpx is used in one of the open source Flashpix image support library . A buffer overflow vulnerability exists in th...