6 matches found

Hacker One
added 2025/08/20 7:46 a.m. · 22 views

curl: Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO

Summary: A heap-buffer-overread occurs in Curl's parse_connect_to_string function when using the CURLOPT_CONNECT_TO option with crafted input. This can lead to a segmentation fault and crash of the application, resulting in a denial-of-service. The issue is triggered by malformed host strings containi...

7.5 AI score
Exploits: 0
IBM Security Bulletins
added 2023/08/21 9:47 p.m. · 40 views

Security Bulletin: IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866)

Summary: IBM Informix JDBC Driver is susceptible to remote code execution attack. This vulnerability is addressed. Vulnerability Details: CVEID: CVE-2023-27866 DESCRIPTION: IBM Informix JDBC Driver is susceptible to remote code execution attack via JNDI injection when driver code or the application...

9.8 CVSS · 8.5 AI score · 0.00397 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2023/06/28 4:15 p.m. · 1 views

CVE-2023-27866

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511...

9.8 CVSS · 6.3 AI score · 0.00397 EPSS
Exploits: 0 · References: 2
CVE
added 2023/06/28 3:41 p.m. · 27 views

CVE-2023-27866

CVE-2023-27866 affects IBM Informix JDBC Driver versions 4.10 and 4.50, with a remote code execution risk via JNDI injection when the LDAP URL in the Connect String is not verified. Affected software: Informix JDBC 4.10.x and 4.50.x. Root cause: unverified LDAP URL enabling JNDI injection. Impact...

9.8 CVSS · 7.5 AI score · 0.00397 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/06/28 12:0 a.m. · 2 views

PT-2023-21383 · IBM · IBM Informix JDBC Driver

Name of the Vulnerable Software and Affected Versions: IBM Informix JDBC Driver versions 4.10 and 4.50 Description: The issue allows for remote code execution via JNDI injection when the driver code or the application using the driver does not verify the supplied LDAP URL in the Connect String...

9.8 CVSS · 9.7 AI score · 0.00397 EPSS
Exploits: 0 · References: 4
Cvelist
added 2003/04/30 4:0 a.m. · 22 views

CVE-2003-0222

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter...

7.6 AI score · 0.1251 EPSS
Exploits: 0 · References: 6