Page 517 of 45911 results (0.063 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. Las versiones del paquete mysql2 anteriores a la 3.9.4 son vulnerables a la ejecución remota de código (RCE) a través de la función readCodeFor debido a una validación incorrecta de los valores supportBigNumbers y bigNumberStrings. • https://blog.slonser.info/posts/mysql2-attacker-configuration https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21 https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805 https://github.com/sidorares/node-mysql2/pull/2572 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

No remote code execution is possible. • https://github.com/bigb0x/CVE-2024-36527 http://www.openwall.com/lists/oss-security/2024/04/18/2 https://libreswan.org/security/CVE-2024-3652 https://access.redhat.com/security/cve/CVE-2024-3652 https://bugzilla.redhat.com/show_bug.cgi?id=2274448 • CWE-404: Improper Resource Shutdown or Release CWE-617: Reachable Assertion •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . • https://github.com/Hebing123/cve/issues/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. • https://github.com/Hebing123/cve/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1

KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. • https://github.com/ewilded/CVE-2024-25376-POC https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •