4564 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +133 more potentially affected by CVE-2023-22884 via apache-airflow (>=1.8.2 <=2.5.0)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-22884 Source advisory: OSV:GHSA-C732-XVV8-G94C...
ALPINE-CVE-2022-47021
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts...
ALPINE-CVE-2022-47015
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer...
Vim Code Issue Vulnerability
Vim is a cross-platform text editor. A code issue vulnerability exists in vim versions 8.1.2269 through 9.0.0339, which stems from a null pointer dereference in the function gui_x11_create_blank_mouse in gui_x11.c, allowing attackers to cause a denial of service or other unspecified impact...
IBM Cloud Pak for Security Log Information Disclosure Vulnerability
IBM Cloud Pak for Security is an application from International Business Machines (IBM): an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A log information disclosure vulnerability exists in IBM...
192.168.0.172 (=4.6.1), 2ch (>=0.1.0 <=0.1.3) +4061 more potentially affected by CVE-2022-25901 via cookiejar (>=1.0.5 <=2.1.2)
cookiejar NPM version =1.0.5, =0.1.0, =0.13.0, =0.0.2, =0.0.1, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.16.0, =0.1.1, =0.3.1 and more Source cves: CVE-2022-25901 Source advisory: OSV:GHSA-H452-7996-H45H...
CVE-2023-21858
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: Installation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative...
Sewio Real-Time Location System (RTLS) Studio OS Command Injection Vulnerability
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from not properly validating an input module name to...
Sewio Real-Time Location System (RTLS) Studio Trust Management Issue Vulnerability
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. A security vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from hard-coded passwords containing selected users in the application database...
PT-2023-14209 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper input validation of user input to the service start, service stop, and service restart modules of the software. This coul...
PT-2023-8901
Name of the Vulnerable Software and Affected Versions: Rack versions 1.5.0 through 2.0.9.1; Rack versions 2.1.0 through 2.1.4.1; Rack versions 2.2.0 through 2.2.6.1; Rack versions 3.0.0 through 3.0.0.0 Description: A denial of service vulnerability in the Range header parsing component of Rack can cau...
PT-2023-33572 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.13 through v6.0.17 Description: The issue is related to out-of-bounds clock access in the phy: qcom-qmp-combo component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2023-34329 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.13 through 5.10.162 Description: A potential resource leak issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions 3.13 through 5.10.162...
VulnCheck KEV: CVE-2022-31474
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
Inside Secure MatrixSSL Input Validation Error Vulnerability
Inside Secure MatrixSSL is an embedded, open-source SSLv3 stack designed for small applications and devices from Inside Secure, France. A security vulnerability exists in MatrixSSL versions 4.0.4 through 4.5.1 that stems from an integer overflow in matrixSslDecodeTls13. An attacker could exploit...
PT-2023-12362 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: The issue affects the DES implementation in the affected product versions, which use a default key for encryption. Successful exploitation allows an attacker to...
Tokio Security Vulnerability
Tokio is a software library for the Rust programming language. It provides a runtime and enables asynchronous I/O functionality, thus allowing concurrency related to task completion. Tokio suffers from a security vulnerability that stems from its configuration of the Windows Named Pipes Server,...
PT-2023-14400 · IBM · IBM Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 Description: The issue allows an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter...
IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site request forgery vulnerability exists ...
Isode M-Link Security Vulnerability
Isode M-Link is Isode's core instant messaging and presence server, based on the XMPP (Extensible Messaging and Presence Protocol) standard, from Isode UK. A security vulnerability exists in Isode M-Link versions R16.2v1 through R17.0v23, which stems from a vulnerability that allows unmanaged users to...