31 matches found
Astra Linux – Vulnerability in SQLite3
The ext/fts3/fts3.c file in SQLite before version 3.32.0 contains a use-after-free in the fts3EvalNextRow function, which is related to the snippet feature...
Astra Linux – Vulnerability in SQLite3
SQLite version 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c...
Command Injection
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by supplying specially...
Linux Distros Unpatched Vulnerability : CVE-2026-28291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option...
PT-2026-32486
Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.32.0 Description The library allows the execution of arbitrary commands through the manipulation of Git options. This occurs because the unsafe operations plugin uses a regular-expression-based blocklist to preve...
Linux Distros Unpatched Vulnerability : CVE-2019-11459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tiffdocumentrender and tiffdocumentgetthumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from...
F5 Networks BIG-IP : SQLite vulnerability (K000148494)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148494 advisory. SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c...
openSUSE Security Advisory (SUSE-SU-2024:2786-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:2766-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:2786-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
...
WordPress YITH WooCommerce Wishlist Plugin <= 3.32.0 is vulnerable to Cross Site Scripting (XSS)
Software YITH WooCommerce Wishlist Type Plugin Vulnerable versions = 3.32.0 Fixed in 3.33.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34385 Patch priority Low CVSS severity Low 5.9 Developer YITH PSID 293b2a23f462 Credits savphill Required privilege...
CVE-2024-28251
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...
Querybook Data Falsification Issue Vulnerability
Querybook is an open source big data query UI for Pinterest. A data forgery issue vulnerability exists in Querybook versions prior to 3.32.0, which stems from the presence of cross-site websocket hijacking that allows an attacker to read/edit/delete a user's data document...
PT-2024-22367 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.32.0 Description: The issue concerns Querybook, a Big Data Querying UI that combines collocated table metadata and a simple notebook interface. Querybook's datadocs functionality uses a Websocket Server, allowing...
matrix-react-sdk 跨站脚本漏洞
matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. A cross-site scripting vulnerability exists in matrix-react-sdk versions 3.32.0 through 3.76.0, which stems from the Export Chat feature containing certain attacker-controlled elements in...
SQLite < 3.32.0 Multiple Vulnerabilities
SQLite is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
BSA-2020-945
Security Advisory ID : BSA-2020-945 Component : SQLite Revision : 1.0 Various SQLite issues seen in SQLite versions through 3.31.1. CVE-2020-11656 - CVSS3.1 - 9.8 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a...
SQLite Resource Management Error Vulnerability (CNVD-2020-31117)
SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. A resource management error vulnerability exists in the 'snippet'...
SQLite Unauthorized Operation Vulnerability
SQLite is the United States D. Richard Hipp software developers of a set of C-based open source embedded relational database management system. The system is characterized by independence, isolation, cross-platform and so on. There is a security vulnerability in versions prior to SQLite 3.32.0...