The vulnerability of the Microsoft SQL Server relational database management system, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft SQL Server relational database management system is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted SQL query remotely...

IBM DB2 SQL注入漏洞

IBM DB2 is a relational database management system. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from a denial-of-service vulnerability that stems from failure to properly handle incoming error messages, which can be exploite...

The vulnerability of software for unifying and simplifying access to Spring Data MongoDB databases, related to errors in processing SpEL expressions, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for unifying and simplifying access to Spring Data MongoDB databases is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SpEL query...

Cisco Secure Email and Web Manager (SMA) Information Disclosure (cisco-sa-esasma-info-dsc-Q9tLuOvM)

According to its self-reported version, Cisco Secure Email and Web Manager SMA is affected by an information disclosure vulnerability in the web management interface. This could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol...

KB5014354 - Description of the security update for SQL Server 2017 GDR: June 14, 2022

KB5014354 - Description of the security update for SQL Server 2017 GDR: June 14, 2022 Summary How to obtain and install the update More information File information Information about protection and security Summary An authenticated attacker could affect SQL Server memory when executing a speciall...

KB5014553 - Description of the security update for SQL Server 2017 CU29: June 14, 2022

KB5014553 - Description of the security update for SQL Server 2017 CU29: June 14, 2022 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary An...

DEBIAN-CVE-2022-27380

An issue in the component mydecimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

MariaDB SQL注入漏洞

MariaDB is a free and open source database management system from the MariaDB Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6.3 and lower that allows an attacker to cause a denial of service DoS via a speciall...

CVE-2021-43118

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code...

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0 the known versions of this attack are infeasible. However undiscovered variants of the attack may be independent of that setting.

...

DEBIAN-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

ALPINE-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

AZL-8902 CVE-2021-3677 affecting package postgresql for versions less than 14.2-1

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g. is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

...

graphql-go 资源管理错误漏洞

graphql-go is an open source GraphQL server focused on ease of use. graphql-go has a security vulnerability that stems from a DoS vulnerability in versions prior to 1.3.0, likely due to a bug in the library. an attacker could exploit the vulnerability to cause a stack overflow panic using a...

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

CVE-2021-31380

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive...

CVE-2021-31381

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...

Design/Logic Flaw

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...