586 matches found
389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0 the known versions of this attack are infeasible. However undiscovered variants of the attack may be independent of that setting.
...
ALPINE-CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
DEBIAN-CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
AZL-8902 CVE-2021-3677 affecting package postgresql for versions less than 14.2-1
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g. is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
...
graphql-go 资源管理错误漏洞
graphql-go is an open source GraphQL server focused on ease of use. graphql-go has a security vulnerability that stems from a DoS vulnerability in versions prior to 1.3.0, likely due to a bug in the library. an attacker could exploit the vulnerability to cause a stack overflow panic using a...
389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...
CVE-2021-31381
A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...
CVE-2021-31380
A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive...
Design/Logic Flaw
A configuration weakness in the JBoss Application Server AppSvr component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system...
Red Hat JBoss Application Server 安全漏洞
Red Hat JBoss Application Server is a U.S. Red Hat Red Hat company based on Java EE open source application server. The product features ultra-fast startup, lightweight, modular design, hot and parallel deployment, concise management, domain management, and first class components. A security...
RLSA-2021:3590 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.26. BZ1996693 Security Fixes: mysql: Server: Stored Procedure multiple...
Authentication flaw
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate...
UBUNTU-CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
DEBIAN-CVE-2021-3514
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
CVE-2021-3514
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
UBUNTU-CVE-2021-3514
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
389-ds-base 代码问题漏洞
389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A security vulnerability exists in 389-ds-base that stems from the fact that when using the Synchronized REPL client, an authenticated...
Specially crafted query may result in a denial of service of mongod
A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4...