4 matches found
GHSA-9CQ8-3V94-434G PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
Summary The getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, the injected payload executes and grants full database...
SUSE CVE-2023-38711
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with IDIPV4ADDR or IDIPV6ADDR receives an IDcr payload with IDFQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6...
CVE-2014-2891
strongSwan before 5.1.2 allows remote attackers to cause a denial of service NULL pointer dereference and IKE daemon crash via a crafted IDDERASN1DN ID payload...
DEBIAN-CVE-2004-0184
Integer underflow in the isakmpidprint for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service crash via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as...