586 matches found

RedHat Linux
added 2022/03/16 3:22 p.m. (2 views)

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

CVSS 6.5, AI score 5.8, EPSS 0.01177
Exploits: 0, References: 5
Microsoft CVE
added 2022/03/11 8:0 a.m. (2 views)

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

...

CVSS 6.5, AI score 7.2, EPSS 0.0142
Exploits: 0
OSV
added 2022/03/02 11:15 p.m. (2 views)

ALPINE-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 6.4, EPSS 0.0142
Exploits: 0, References: 1
OSV
added 2022/03/02 11:15 p.m. (2 views)

DEBIAN-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 7.1, EPSS 0.0142
Exploits: 0, References: 1
OSV
added 2022/03/02 11:15 p.m. (7 views)

AZL-8902 CVE-2021-3677 affecting package postgresql for versions less than 14.2-1

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 6.9, EPSS 0.0142
Exploits: 0, References: 1
Microsoft CVE
added 2022/02/10 8:0 a.m. (4 views)

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g. is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

...

CVSS 7.5, AI score 5.1, EPSS 0.03898
Exploits: 1
CNNVD
added 2022/01/21 12:0 a.m. (5 views)

graphql-go resource management error vulnerability

graphql-go is an open source GraphQL server focused on ease of use. graphql-go has a security vulnerability that stems from a DoS vulnerability in versions prior to 1.3.0, likely due to a bug in the library. An attacker could exploit the vulnerability to cause a stack overflow panic using a...

CVSS 6.5, AI score 5.7, EPSS 0.01243
Exploits: 0, References: 3
RedHat Linux
added 2021/10/25 6:38 a.m. (2 views)

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...

CVSS 6.5, AI score 5.8, EPSS 0.01177
Exploits: 0, References: 5
OSV
added 2021/10/19 7:15 p.m. (4 views)

CVE-2021-31381

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...

CVSS 9.1, AI score 5.8, EPSS 0.01121
Exploits: 0, References: 1
OSV
added 2021/10/19 7:15 p.m. (6 views)

CVE-2021-31380

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive...

CVSS 5.3, AI score 5.7, EPSS 0.01101
Exploits: 0, References: 1
Prion
added 2021/10/19 7:15 p.m. (18 views)

Design/Logic Flaw

A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...

CVSS 6.4, AI score 8.9, EPSS 0.01121
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2021/10/19 12:0 a.m. (3 views)

Red Hat JBoss Application Server security vulnerability

Red Hat JBoss Application Server is an open source application server based on Java EE from Red Hat, a U.S. company. The product features ultra-fast startup, lightweight, modular design, hot and parallel deployment, concise management, domain management, and first class components. A security...

CVSS 9.1, AI score 8.3, EPSS 0.01121
Exploits: 0, References: 2
OSV
added 2021/09/21 7:13 a.m. (54 views)

RLSA-2021:3590 Moderate: mysql:8.0 security, bug fix, and enhancement update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.26. BZ1996693 Security Fixes: mysql: Server: Stored Procedure multiple...

CVSS 7.2, AI score 7.9, EPSS 0.41478
Exploits: 3, References: 142
Prion
added 2021/09/01 3:15 p.m. (20 views)

Authentication flaw

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate...

CVSS 7.5, AI score 9.3, EPSS 0.01555
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2021/08/12 12:0 a.m. (1 views)

UBUNTU-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 6.9, EPSS 0.0142
Exploits: 0, References: 3
OSV
added 2021/05/28 3:15 p.m. (1 views)

DEBIAN-CVE-2021-3514

When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...

CVSS 6.5, AI score 6.7, EPSS 0.01177
Exploits: 0, References: 1
UbuntuCve
added 2021/05/28 3:15 p.m. (29 views)

CVE-2021-3514

When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...

CVSS 6.5, AI score 6.8, EPSS 0.01177
Exploits: 0, References: 3
OSV
added 2021/05/28 3:15 p.m. (0 views)

UBUNTU-CVE-2021-3514

When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...

CVSS 6.5, AI score 6.8, EPSS 0.01177
Exploits: 0, References: 4
CNNVD
added 2021/05/28 12:0 a.m. (2 views)

389-ds-base code issue vulnerability

389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A security vulnerability exists in 389-ds-base that stems from the fact that when using the Synchronized REPL client, an authenticated...

CVSS 6.5, AI score 6.7, EPSS 0.01177
Exploits: 0, References: 16
MongoDB
added 2021/04/30 12:0 a.m. (228 views)

Specially crafted query may result in a denial of service of mongod

A user authorized to perform a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4...

CVSS 6.5, AI score 4.4, EPSS 0.00948
Exploits: 0, References: 1, Affected Software: 1