Lucene search
K

3382 matches found

OSV
OSV
added 2022/04/14 1:15 p.m.6 views

AZL-9416 CVE-2022-27457 affecting package mariadb for versions less than 10.6.8-1

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

7.5CVSS7.2AI score0.01663EPSS
Exploits1References1
OSV
OSV
added 2022/04/14 1:15 p.m.2 views

ALPINE-CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...

7.5CVSS7.3AI score0.01564EPSS
Exploits1References1
OSV
OSV
added 2022/04/14 1:15 p.m.6 views

UBUNTU-CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...

7.5CVSS7.1AI score0.01564EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2022/04/14 12:57 p.m.35 views

CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

7.5CVSS7.5AI score0.01663EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/04/14 12:57 p.m.41 views

CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

7.5CVSS8.8AI score0.01663EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.4 views

MariaDB 资源管理错误漏洞

MariaDB is a free and open source database management system from the MariaDB Foundation and a branch version of MySQL that uses the Maria storage engine. a memory misquote vulnerability exists in MariaDB v10.6.3 and lower, which originates in the /strings/ctype-simple.c component my...

7.5CVSS7.6AI score0.01564EPSS
Exploits1References14
NVD
NVD
added 2022/04/13 9:15 p.m.40 views

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2CVSS0.02257EPSS
Exploits0References2
OSV
OSV
added 2022/04/13 8:55 p.m.34 views

CVE-2022-24818 Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2CVSS7.5AI score0.02257EPSS
Exploits0References4
OSV
OSV
added 2022/04/01 11:15 p.m.5 views

CVE-2022-1068

Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...

7.5CVSS7.5AI score0.00949EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/30 12:0 a.m.19 views

DrayTek Vigor Format String Vulnerability

DrayTek Vigor is a router. a format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...

9.8CVSS5.2AI score0.03302EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.3 views

Modbus Slave 缓冲区错误漏洞

Modbus Slave is a device simulator for PLCs, primarily for PLC programming. Modbus Slave has a security vulnerability that stems from susceptibility to a stack-based buffer overflow in the registration field. This can cause the program to crash when long strings are used...

7.5CVSS7.7AI score0.00949EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.4 views

Draytek多款产品格式化字符串错误漏洞

DrayTek Vigor is a router. a format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...

9.8CVSS6.2AI score0.03302EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.17 views

openSUSE: Security Advisory for rust, (openSUSE-SU-2022:0843-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.3CVSS7.4AI score0.01376EPSS
Exploits1References2
OSV
OSV
added 2022/03/21 10:15 a.m.4 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4CVSS5.8AI score0.0043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/21 9:0 a.m.10 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4CVSS5.9AI score0.0043EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.5 views

OTRS 跨站脚本漏洞

OTRS is an application from the German company OTRS. A service management software. A cross-site scripting vulnerability exists in OTRS, which stems from the translator's lack of filtering and escaping for a small number of translatable strings, and can be exploited to execute JavaScript code by...

5.4CVSS5.4AI score0.0043EPSS
Exploits0References4
OSV
OSV
added 2022/03/05 2:15 a.m.3 views

CVE-2022-25044

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString...

7.8CVSS5.7AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2022/03/04 12:0 a.m.35 views

Security update for libeconf, shadow and util-linux (moderate)

openSUSE Security Update: Security update for libeconf, shadow and util-linux Announcement ID: openSUSE-SU-2022:0727-1 Rating: moderate References: 1188507 1192954 1193632 1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 SUSE: 4.7...

5.5CVSS6.7AI score0.00634EPSS
Exploits4References6
OSV
OSV
added 2022/02/24 7:15 p.m.6 views

CVE-2020-14502

The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface...

6.1CVSS5.8AI score0.00992EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/23 12:0 a.m.243 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-1180)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a fie...

7.4CVSS7AI score0.50445EPSS
Exploits0References2
Rows per page
Query Builder