CVE-2022-1292

<= 8.0.29

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so

7.3HIGH

CVE-2022-23308

<= 8.0.29

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5HIGH

CVE-2022-21824

<= 8.0.28

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "

8.2HIGH

CVE-2021-44533

<= 8.0.28

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers

5.3MEDIUM

CVE-2021-44532

>= 8.0.0 and <= 8.0.28

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this s

5.3MEDIUM

CVE-2021-44531

<= 8.0.28

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can r

7.4HIGH

CVE-2021-3634

<= 8.0.27

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime

6.5MEDIUM

CVE-2021-3712

<= 8.0.26

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat

7.4HIGH

CVE-2021-3517

<= 8.0.26

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a

8.6HIGH

CVE-2021-3518

<= 8.0.26

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic

8.8HIGH

CVE-2021-3537

<= 8.0.26

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,

5.9MEDIUM

CVE-2021-3450

<= 8.0.23

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not

7.4HIGH

CVE-2021-3449

<= 8.0.23

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego

5.9MEDIUM

CVE-2021-20227

<= 8.0.26

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL

5.5MEDIUM

CVE-2020-24977

<= 8.0.26

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The

6.5MEDIUM

CVE-2020-13871

<= 8.0.22

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late

7.5HIGH

CVE-2020-1967

<= 8.0.21

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL

7.5HIGH

CVE-2020-1730

<= 8.0.21

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) cipher

5.3MEDIUM

CVE-2020-11656

<= 8.0.22

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs

9.8CRITICAL

CVE-2020-11655

<= 8.0.22

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec

7.5HIGH

CVE-2020-9327

<= 8.0.22

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of

7.5HIGH

CVE-2020-7595

<= 8.0.26

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5HIGH

CVE-2019-20388

<= 8.0.26

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5HIGH

CVE-2019-20218

<= 8.0.19

selectExpander in select.c in SQLite 3.30.1 proceeds with stack unwinding even after a parsing error.

7.5HIGH

CVE-2019-19925

<= 8.0.19

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

7.5HIGH

CVE-2019-19924

<= 8.0.19

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sq

5.3MEDIUM

CVE-2019-19923

<= 8.0.19

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-h

7.5HIGH

CVE-2019-19926

<= 8.0.19

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRew

7.5HIGH

CVE-2019-19880

<= 8.0.19

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant intege

7.5HIGH

CVE-2019-14889

<= 8.0.19

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client

8.8HIGH

CVE-2019-19646

<= 8.0.19

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

9.8CRITICAL

CVE-2019-19603

<= 8.0.19

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

7.5HIGH

CVE-2019-19645

<= 8.0.19

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in con

5.5MEDIUM

CVE-2019-19317

<= 8.0.19

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attac

9.8CRITICAL

CVE-2019-19242

<= 8.0.19

SQLite 3.30.1 mishandles pExpr-y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

5.9MEDIUM

CVE-2019-19244

<= 8.0.19

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has ce

7.5HIGH

CVE-2019-10219

< 8.0.27

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2018-14550

<= 8.0.23

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the func

8.8HIGH

CVE-2019-1559

<= 8.0.16

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to

5.9MEDIUM

CVE-2018-10933

<= 8.0.13

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create c

9.1CRITICAL

CVE-2018-2598

<= 6.3.10

Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions

3.7LOW

CVE-2017-3469

<= 6.3.8

Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported version

3.7LOW