4564 matches found
PT-2022-20925 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to improper input validation in HTTP/2 header parsing, allowing an attacker to smuggle requests. Recommendations: For Apache Traffic Server versions 8.0.0...
PT-2022-18829
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to improper input validation in HTTP/1.1 header parsing, allowing an attacker to send invalid headers. Recommendations: For Apache Traffic Server versions 8.0.0...
PT-2022-10635 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to improper input validation in the header parsing of Apache Traffic Server, allowing an attacker to request secure resources. Recommendations: For Apache...
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort...
africa.absa:inception-application (>=1.0.0 <=1.2.0), asia.990121:message-example (=1.0.0) +2915 more potentially affected by CVE-2022-2053 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.18.Final)
io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0, =1.0, =0.1.0, =2.1.0.M35, =2.1.0.M35, =2.2.0.M7 and more Source cves: CVE-2022-2053 Source advisory: OSV:GHSA-95RF-557X-44G5...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.11.2), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.11.2) +5 more potentially affected by CVE-2022-27166 +1 more via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.11.2)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.2 Source cves: CVE-2022-27166, CVE-2022-28732 Source advisory: OSV:GHSA-2FXF-QJ94-3F83...
PostgreSQL JDBC Driver SQL Injection Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure...
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor...
mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args...
4i18n-cli (>=0.0.2 <=0.0.7), @about7sharks/get-articles (>=0.0.1 <=0.0.22) +114 more potentially affected by CVE-2022-2596 via node-fetch (>=3.0.0 <=3.2.1)
node-fetch NPM version =3.0.0, =0.0.2, =0.0.1, =1.1.0, =1.273.2, =1.0.0, =7.0.0, =2.14.0, =0.9.0, =0.10.1, =0.5.1, =0.7.0 and more Source cves: CVE-2022-2596 Source advisory: OSV:GHSA-VP56-6G26-6827...
article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +19 more potentially affected by unknown CVE via scrapy (>=1.3.3 <=1.8.0)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.5, =0.1.8 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9X8M-2XPF-CRP3...
flipper-server (>=0.171.1 <=0.212.0), flipper-server-core (>=0.171.1 <=0.212.0) potentially affected by unknown CVE via flipper-server-companion (>=0.171.1 <=0.212.0)
flipper-server-companion NPM version =0.171.1, =0.171.1, =0.171.1, =0.212.0 Source cves: unknown CVE Source advisory: OSV:MAL-2022-3077...
GitLab CE/EE Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE that stems from allowing projec...
CVE-2022-31775
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor...
automaat-processor-git-clone (=0.1.0), automaat-processor-http-request (=0.1.0) +49 more potentially affected by CVE-2022-31173 via juniper (>=0.10.0 <=0.15.1)
juniper CARGO version =0.10.0, =0.3.0-development-1, =0.3.0-development-1, =0.3.0-development-1, =0.3.0-development-1, =0.3.0-development-2 and more Source cves: CVE-2022-31173 Source advisory: OSV:RUSTSEC-2022-0038...
CVE-2022-36953
In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...
PT-2022-23703 · Veritas · Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 9.0.0.1 through 9.1.0.1 Description: The issue allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. Recommendations: For...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1274 more potentially affected by CVE-2022-31172 via @openzeppelin/contracts (>=4.1.0 <=4.7.0)
@openzeppelin/contracts NPM version =4.1.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31172 Source advisory: OSV:GHSA-4G63-C64M-25W9...
CVE-2022-21568
Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Access Request). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successfu...