Lucene search
K

14 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in alsa-lib

Versions of alsa-lib from 1.2.2 up to and including 1.2.15.2, prior to the release of 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...

4.6CVSS7.2AI score0.00191EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.13.1 : alsa-lib (EulerOS-SA-2026-2118)

According to the versions of the alsa-lib package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topolog...

4.6CVSS5.5AI score0.00191EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: alsa-lib (UTSA-2026-006158)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006158 advisory. alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The...

4.6CVSS5.8AI score0.00191EPSS
Exploits0References4
Snyk
Snyk
added 2026/01/29 7:50 p.m.4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the tplgdecodecontrolmixer1 function when the numchannels field from untrusted .tplg data is used as a loop bound without validation against the fixed-size channel array. An attacker can cause...

4.6CVSS7AI score0.00191EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 7:8 p.m.5 views

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

4.6CVSS6AI score0.00191EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/29 7:8 p.m.26 views

CVE-2026-25068 alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

4.6CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-51289

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00596EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 7:15 p.m.3 views

CVE-2022-48593

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS5.9AI score0.00596EPSS
Exploits0References1
NVD
NVD
added 2023/08/09 7:15 p.m.29 views

CVE-2022-48593

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS8.9AI score0.00596EPSS
Exploits0References1
Prion
Prion
added 2023/08/09 7:15 p.m.15 views

Sql injection

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

6.5CVSS8.8AI score0.00596EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/09 6:14 p.m.22 views

CVE-2022-48593

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS9AI score0.00596EPSS
Exploits0References1
CVE
CVE
added 2023/08/09 6:14 p.m.40 views

CVE-2022-48593

CVE-2022-48593 affects ScienceLogic SL1, specifically theTopology Data Service feature, where unsanitized user input is passed directly into a SQL query, enabling SQL injection. Public sources consistently describe this as a high-severity, network-based risk with high confidentiality, integrity, ...

8.8CVSS8.8AI score0.00596EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/09 6:14 p.m.24 views

CVE-2022-48593

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8CVSS7.8AI score0.00596EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.3 views

PT-2023-15865 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A SQL injection issue exists in the “topology data service” feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary...

8.8CVSS8.9AI score0.00596EPSS
Exploits0References3
Rows per page
Query Builder