| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. |
| MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. |
| MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. |
| MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. |
| MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). |
| MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. |
| save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. |
| get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. |
| An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance. |
| The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially. |
| The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. |
| In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. |
| An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f. |
| An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic. |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22. |
