117 matches found
PT-2022-3332 · Mariadb +9 · Mariadb +10
Name of the Vulnerable Software and Affected Versions: MariaDB versions v10.2 through v10.6.1 Description: The issue is related to a buffer overflow in the Item subselect::init expr cache tracker function of the MariaDB database management system. This can be exploited by a remote attacker to...
UBUNTU-CVE-2022-23943
Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...
Oracle GraalVM Input Validation Error Vulnerability
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...
The vulnerability of the Ansible configuration management system, related to insecure temporary files, allows a hacker to access confidential data.
The vulnerability of the Ansible configuration management system is related to insecure temporary files. Exploiting this vulnerability could allow an attacker to access confidential data...
CVE-2021-44041
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...
CVE-2020-16030
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
DEBIAN-CVE-2020-8620
In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...
SQL Injection Vulnerability in Thunderwind Movie Ne***.php Page
Thunderwind CMS is a video-on-demand system developed with Thinkphp framework + Mysql. Thunderwind Movie Ne.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
SQL injection vulnerability in seacms backend ad***_da***.php file
seacms ocean film and television management system, ocean cms is based on PHP + MySql technology development of video on demand system. seacms background adda.php file SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...
DEBIAN-CVE-2019-16224
An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
UBUNTU-CVE-2019-16226
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
UBUNTU-CVE-2019-16227
An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
PT-2019-14588
Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97 Description An issue was discovered in py-lmdb where for certain values of mp flags, mdb page touch does not properly set up mc-mc pgmc-top, leading to an invalid write operation. This issue occurs when accessing a data.md...
Cisco Industrial Network Director Encryption Issue Vulnerability
Cisco Industrial Network Director IND is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cryptographic issue vulnerability exists in the Web Services Management Agent WSMA feature in Cisco IN...
UBUNTU-CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...