575 matches found

Cvelist
added 2024/09/17 8:14 p.m. | 33 views

CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...

6.5 CVSS | 0.00492 EPSS
Exploits 0 | References 1

RedHat Linux
added 2024/09/11 6:38 a.m. | 2 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5 CVSS | 5.7 AI score | 0.01246 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/08/29 9:36 a.m. | 15 views

CVE-2024-29727 Multiple vulnerabilities in SportsNET

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , paramete...

9.8 CVSS | 9.8 AI score | 0.00408 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/08/29 9:31 a.m. | 12 views

CVE-2024-29729 Multiple vulnerabilities in SportsNET

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url...

9.8 CVSS | 9.8 AI score | 0.00452 EPSS
Exploits 0 | References 1

CVE
added 2024/08/29 9:31 a.m. | 53 views

CVE-2024-29729

CVE-2024-29729 affects SportsNET, version 4.0.1. The vulnerability is a SQL injection in the API endpoint at /app/ax/generateShortURL/ with the vulnerable parameter url, enabling an attacker to retrieve, update, and delete data in the database. Documented impact is high across confidentiality, in...

9.8 CVSS | 9.9 AI score | 0.00452 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2024/08/29 9:20 a.m. | 55 views

CVE-2024-29731

CVE-2024-29731 corresponds to a SQL injection vulnerability in SportsNET 4.0.1. The issue affects the vulnerable API endpoint /app/ax/checkBlindFields/ and can be exploited via crafted input in the parameters idChallenge and idEmpresa to retrieve, update, or delete all database information. Multi...

9.8 CVSS | 9.9 AI score | 0.00408 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/08/29 12:0 a.m. | 2 views

SportsNET SQL Injection Vulnerability

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

9.8 CVSS | 7.7 AI score | 0.00408 EPSS
Exploits 0 | References 2

CNNVD
added 2024/08/26 12:0 a.m. | 1 views

CIGES Security Vulnerability

CIGES is a queue and reservation management system from CIGES, Inc. A security vulnerability exists in CIGES versions prior to 2.15.5, which stems from a vulnerability that allows a remote attacker to send a specially crafted SQL query and retrieve all information stored in the database...

9.8 CVSS | 7 AI score | 0.00487 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/08/23 12:0 a.m. | 16 views

IBM DB2 DoS (7165338) (Windows)

According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment. Note that Nessus has not tested for this issue but has instead relied only ...

6.5 CVSS | 7.5 AI score | 0.00553 EPSS
Exploits 0 | References 2

CNVD
added 2024/08/21 12:0 a.m. | 5 views

IBM Db2 Denial of Service Vulnerability (CNVD-2024-43199)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that can be exploited by an attacker to cause a...

6.5 CVSS | 6.5 AI score | 0.00553 EPSS
Exploits 0 | References 1

CNVD
added 2024/08/21 12:0 a.m. | 4 views

Unspecified Vulnerability in IBM Db2 (CNVD-2024-43198)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 has a security vulnerability that can be exploited by an authenticated attacker to cause a deni...

6.5 CVSS | 6.4 AI score | 0.00566 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2024/08/20 2:23 p.m. | 24 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2024-37529)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query. Vulnerability Details CVEID:CVE-2024-37529 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service with a specially crafted...

6.5 CVSS | 6.5 AI score | 0.0055 EPSS
Exploits 0 | Affected Software 1

OSV
added 2024/08/14 6:15 p.m. | 0 views

CVE-2024-37529

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295...

6.5 CVSS | 7.1 AI score | 0.0055 EPSS
Exploits 0 | References 3

Positive Technologies
added 2024/08/14 12:0 a.m. | 2 views

PT-2024-27630 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.1 and 11.5 Description: The issue allows an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation...

6.5 CVSS | 8.1 AI score | 0.0055 EPSS
Exploits 0 | References 7

Positive Technologies
added 2024/08/14 12:0 a.m. | 3 views

PT-2024-26330 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server federated server versions 10.5, 11.1, and 11.5 Description: The issue is a denial of service vulnerability that can be triggered with a specially crafted query under certain...

6.5 CVSS | 8.2 AI score | 0.00553 EPSS
Exploits 0 | References 9

CNNVD
added 2024/08/14 12:0 a.m. | 2 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that can be exploited by an attacker to cause a...

6.5 CVSS | 6.6 AI score | 0.00553 EPSS
Exploits 0 | References 4

CNNVD
added 2024/08/14 12:0 a.m. | 3 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 has a security vulnerability that can be exploited by an authenticated attacker to cause a deni...

6.5 CVSS | 6.5 AI score | 0.00566 EPSS
Exploits 0 | References 4

IBM Security Bulletins
added 2024/08/13 9:11 p.m. | 15 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...

6.5 CVSS | 6.2 AI score | 0.00553 EPSS
Exploits 0 | Affected Software 1

NVD
added 2024/08/06 12:15 p.m. | 17 views

CVE-2024-33969

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in...

9.8 CVSS | 0.0041 EPSS
Exploits 0 | References 1

NVD
added 2024/08/06 12:15 p.m. | 16 views

CVE-2024-33964

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...

9.8 CVSS | 0.00454 EPSS
Exploits 0 | References 1