PT-2024-8678 · FFmpeg · Ffmpeg
Name of the Vulnerable Software and Affected Versions: FFmpeg version 7.0 Description: The issue is related to a heap-buffer-overflow in the copy_column function of the libavfilter/vf_tiltandshift.c file in the FFmpeg multimedia library. This can allow an attacker to execute arbitrary code...
FFmpeg security vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version 7.0, which stems from a boundary error in the copy_column parameter of libavfilter/vf_tiltandshift.c:189:5 when handling untrusted...
CVE-2024-25041
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross-site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780...
CVE-2024-25041 IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross-site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Assistant. IBM X-Force ID: 282780...
GO-2024-2517 Grafana XSS in header column rename in github.com/grafana/grafana
Grafana XSS in header column rename in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
GO-2024-2516 Grafana XSS via a column style in github.com/grafana/grafana
Grafana XSS via a column style in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit...
PT-2024-20714 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.2 Description: The issue is related to cross-site scripting (XSS) due to improper validation of column headings in Cognos Assistant. A remote attacker could execute malicious commands...
Mass Assignment
Laravel is vulnerable to Mass Assignment. The vulnerability is due to insufficient column quoting for all database drivers, which could allow attackers to perform unauthorized mass assignment operations. If using guarded and passing a user-controlled array into an "update" or "save" function,...
Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
PT-2024-13958 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.10 Description: The issue allows an authenticated attacker with create access to conduct a SQL Injection attack on MySQL DB using an unescaped table name. This may result in leakage of sensitive data in the...
CVE-2023-41651
Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26...
CVE-2023-41651 WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability
Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26...
WordPress plugin Multi-column Tag Map security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-12950 · Unknown · Multi-Column Tag Map
Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map versions n/a through 17.0.26 Description: The issue is related to a Missing Authorization vulnerability in the Multi-column Tag Map. Recommendations: For versions n/a through 17.0.26, update to a version later than 17.0.2...
Beekeeper Studio security vulnerability
Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio version 4.1.13 and prior versions. A remote attacker can exploit this vulnerability to...
PT-2024-20223 · Unknown · Beekeeper Studio
Name of the Vulnerable Software and Affected Versions: Beekeeper Studio versions 4.1.13 and earlier Description: The issue allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. This is a cross-site scripting (XSS) issue...
CVE-2023-52646 aio: fix mremap after fork null-deref
In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...
CVE-2024-29968 SQL Table names, column names, and SQL queries are collected in DR standby Supportsave
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access...
CVE-2024-24389
A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...