
1394 matches found

OSV
added 2022/10/25 5:15 p.m. · 1 views

DEBIAN-CVE-2022-39837

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...

5.5 CVSS · 5.6 AI score · 0.00417 EPSS
Exploits: 3 · References: 1
OSV
added 2022/10/25 5:15 p.m. · 1 views

DEBIAN-CVE-2022-39836

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...

5.5 CVSS · 5.8 AI score · 0.00417 EPSS
Exploits: 3 · References: 1
OSV
added 2022/10/25 5:15 p.m. · 4 views

UBUNTU-CVE-2022-39836

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...

5.5 CVSS · 6.2 AI score · 0.00417 EPSS
Exploits: 3 · References: 3
Positive Technologies
added 2022/10/19 12:0 a.m. · 3 views

PT-2022-24860 · Flux · Flux

Name of the Vulnerable Software and Affected Versions: Flux versions prior to 0.35.0 Description: The issue concerns a Denial of Service in Flux, an open and extensible continuous delivery solution for Kubernetes. Users with permissions to change Flux's objects can provide invalid data to fields...

5 CVSS · 4.4 AI score · 0.00606 EPSS
Exploits: 0 · References: 18
CNNVD
added 2022/10/13 12:0 a.m. · 3 views

Boodskap IoT Platform Cross-Site Scripting Vulnerability

Boodskap IoT Platform is an IoT platform from Boodskap, Inc. A security vulnerability exists in Boodskap IoT Platform version v4.4.9-02 that stems from its application not enforcing input validation and output cleanup across multiple functions resulting in multiple cross-site scripts...

5.4 CVSS · 5.5 AI score · 0.00438 EPSS
Exploits: 1 · References: 2
OSV
added 2022/10/11 11:15 a.m. · 3 views

CVE-2022-40178

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

5.4 CVSS · 6 AI score
Exploits: 0 · References: 1
CNVD
added 2022/09/28 12:0 a.m. · 13 views

Online Pet Shop We App Master.php?f=delete_order SQL Injection Vulnerability

Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...

7.2 CVSS · 7.5 AI score · 0.00804 EPSS
Exploits: 1 · References: 1
Code423n4
added 2022/09/23 12:0 a.m. · 12 views

_releaseIntervalSecs is not validated

Lines of code Vulnerability details Impact VTVLVesting.sol has createClaimUnchecked function to create the claims internally while validating parameters with the users' allocations. However, releaseIntervalSecs is not validated comparing to user's linearVestAmount and startTimestamp endTimestamp...

6.5 AI score
Exploits: 0
OSV
added 2022/09/21 4:15 p.m. · 3 views

CVE-2022-41244

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...

8.1 CVSS · 5.8 AI score · 0.00524 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/09/20 12:0 a.m. · 4 views

Safe Software FME Server Path Traversal Vulnerability

Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...

9.1 CVSS · 7.2 AI score · 0.00944 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2022/09/09 4:15 p.m. · 0 views

CVE-2022-28742

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application...

7.5 CVSS · 7.1 AI score · 0.00616 EPSS
Exploits: 0 · References: 3
OSV
added 2022/09/06 6:15 p.m. · 2 views

CVE-2022-2541

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...

8.8 CVSS · 5.6 AI score · 0.00515 EPSS
Exploits: 0 · References: 4
OSV
added 2022/09/06 6:15 p.m. · 4 views

CVE-2022-2542

The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This make...

8.8 CVSS · 5.6 AI score · 0.00507 EPSS
Exploits: 0 · References: 4
CNNVD
added 2022/09/06 12:0 a.m. · 4 views

WordPress plugin Link Optimizer Lite Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS · 7.7 AI score · 0.00499 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2022/09/06 12:0 a.m. · 5 views

PT-2022-17281 · WordPress · Ucontext For Clickbank

Name of the Vulnerable Software and Affected Versions: uContext for Clickbank plugin for WordPress versions up to, and including 3.9.1 Description: The issue is due to missing nonce validation in the /app/sites/ajax/actions/keyword save.php file, which is called via the doAjax function. This allo...

8.8 CVSS · 8 AI score · 0.00507 EPSS
Exploits: 0 · References: 7
OSV
added 2022/09/01 9:15 p.m. · 6 views

AZL-10865 CVE-2022-32743 affecting package samba 4.12.5-7

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

7.5 CVSS · 7.1 AI score · 0.01105 EPSS
Exploits: 1 · References: 1
OSV
added 2022/09/01 9:15 p.m. · 3 views

DEBIAN-CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

7.5 CVSS · 7.2 AI score · 0.01105 EPSS
Exploits: 1 · References: 1
RedHat Linux
added 2022/09/01 2:21 p.m. · 4 views

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8 CVSS · 7.7 AI score · 0.00598 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2022/08/09 12:23 p.m. · 10 views

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8 CVSS · 7.7 AI score · 0.00598 EPSS
Exploits: 0 · References: 4
CNNVD
added 2022/08/08 12:0 a.m. · 5 views

Simple E-Learning System Security Vulnerability

Simple E-Learning System is a simple e-learning system by Carlo Montero's personal developer. Simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the download parameter of downloadFiles.php. A...

7.5 CVSS · 5.8 AI score · 0.00656 EPSS
Exploits: 1 · References: 3