3382 matches found
AZL-9416 CVE-2022-27457 affecting package mariadb for versions less than 10.6.8-1
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...
ALPINE-CVE-2022-27455
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...
UBUNTU-CVE-2022-27455
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...
CVE-2022-27457
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...
CVE-2022-27457
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...
MariaDB 资源管理错误漏洞
MariaDB is a free and open source database management system from the MariaDB Foundation and a branch version of MySQL that uses the Maria storage engine. a memory misquote vulnerability exists in MariaDB v10.6.3 and lower, which originates in the /strings/ctype-simple.c component my...
CVE-2022-24818
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
CVE-2022-24818 Unchecked JNDI lookups in GeoTools
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
CVE-2022-1068
Modbus Tools Modbus Slave versions 7.4.2 and prior is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...
DrayTek Vigor Format String Vulnerability
DrayTek Vigor is a router. a format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...
Modbus Slave 缓冲区错误漏洞
Modbus Slave is a device simulator for PLCs, primarily for PLC programming. Modbus Slave has a security vulnerability that stems from susceptibility to a stack-based buffer overflow in the registration field. This can cause the program to crash when long strings are used...
Draytek多款产品格式化字符串错误漏洞
DrayTek Vigor is a router. a format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...
openSUSE: Security Advisory for rust, (openSUSE-SU-2022:0843-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...
OTRS 跨站脚本漏洞
OTRS is an application from the German company OTRS. A service management software. A cross-site scripting vulnerability exists in OTRS, which stems from the translator's lack of filtering and escaping for a small number of translatable strings, and can be exploited to execute JavaScript code by...
CVE-2022-25044
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString...
Security update for libeconf, shadow and util-linux (moderate)
openSUSE Security Update: Security update for libeconf, shadow and util-linux Announcement ID: openSUSE-SU-2022:0727-1 Rating: moderate References: 1188507 1192954 1193632 1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 SUSE: 4.7...
CVE-2020-14502
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface...
EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-1180)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a fie...