Lucene search

70 matches found

Vulnrichment
added 2024/05/14 10:3 a.m., 14 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00423
Exploits: 0, References: 1
CNNVD
added 2024/05/14 12:0 a.m., 3 views

Siemens Polarion Access Control Error Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. Siemens Polarion ALM suffers from an Improper Access Control vulnerability due to a lack of proper access contr...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00423
Exploits: 0, References: 3
SUSE CVE
added 2024/05/04 2:22 a.m., 2 views

SUSE CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS: 8.6, AI score: 7.7, EPSS: 0.01233
Exploits: 0, References: 4
Snyk
added 2024/05/03 1:42 a.m., 1 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the ComposeQueryEngine function within UriQuery.c, which occurs when processing long keys or values. An attacker can execute arbitrary code or cause a denial of service by exploiting this buffer overflow condition...

CVSS: 8.6, AI score: 8.1, EPSS: 0.01233
Exploits: 0, References: 2
OSV
added 2024/05/03 1:15 a.m., 1 views

AZL-43231 CVE-2024-34402 affecting package uriparser 0.9.7-2

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS: 8.6, AI score: 6.2, EPSS: 0.01233
Exploits: 0, References: 1
OSV
added 2024/05/03 1:15 a.m., 3 views

AZL-43227 CVE-2024-34402 affecting package uriparser for versions less than 0.9.8-3

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS: 8.6, AI score: 6.2, EPSS: 0.01233
Exploits: 0, References: 1
OSV
added 2024/05/03 1:15 a.m., 2 views

UBUNTU-CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS: 8.6, AI score: 6.2, EPSS: 0.01233
Exploits: 0, References: 5
OSV
added 2023/08/15 6:31 p.m., 0 views

GHSA-2XXC-73FV-36F7 llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS: 9.8, AI score: 6.2, EPSS: 0.01233
Exploits: 1, References: 6
ATTACKERKB
added 2023/08/15 5:15 p.m., 2 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS: 9.8, AI score: 6.2, EPSS: 0.01233
Exploits: 1, References: 2
PyPA
added 2023/08/15 5:15 p.m., 6 views

PYSEC-2023-148

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS: 9.8, AI score: 8.1, EPSS: 0.01233
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2023/08/15 12:0 a.m., 2 views

LlamaIndex Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...

CVSS: 9.8, AI score: 7.7, EPSS: 0.01233
Exploits: 1, References: 2
Positive Technologies
added 2023/08/15 12:0 a.m., 4 views

PT-2023-27061

Name of the Vulnerable Software and Affected Versions llama index versions 0.7.13 and earlier Description An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...

CVSS: 9.8, AI score: 6, EPSS: 0.01233
Exploits: 1, References: 13
VulnCheck KEV
added 2022/01/26 12:0 a.m., 2 views

VulnCheck KEV: CVE-2015-7465

Cross-site request forgery CSRF vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service JRS 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...

CVSS: 8.8, AI score: 7.4, EPSS: 0.0055
Exploits: 0, References: 1
OSV
added 2021/05/19 7:15 p.m., 0 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00704
Exploits: 0, References: 2
NVD
added 2021/05/19 7:15 p.m., 12 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVSS: 6.5, EPSS: 0.00704
Exploits: 0, References: 2
CVE
added 2021/05/19 6:37 p.m., 66 views

CVE-2021-31158

The CVE affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1, where the Query Engine’s Common Table Expressions did not correctly enforce per-user permissions, allowing read access to resources beyond what a user is explicitly allowed. This impacts confidentiality (High) without integrity/availab...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00704
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/05/19 6:37 p.m., 14 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

AI score: 6.7, EPSS: 0.00704
Exploits: 0, References: 2
CNNVD
added 2021/05/19 12:0 a.m., 2 views

Couchbase Server Security Vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00704
Exploits: 0, References: 2
CNVD
added 2019/04/28 12:0 a.m., 1 views

IBM Jazz Reporting Service Information Disclosure Vulnerability (CNVD-2019-14395)

IBM Jazz Reporting Service JRS is a suite of applications for discovering cross-project reports from IBM USA. The program can be used in integration with IBM RationalCLM's Rational solution for managing all lifecycles of development projects. CLM users can access the reports provided by JRS in a...

CVSS: 4.3, AI score: 6.8, EPSS: 0.01497
Exploits: 0, References: 1
IBM Security Bulletins
added 2018/06/17 5:23 a.m., 20 views

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2017-1490)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1490 DESCRIPTION: An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service could disclose highly sensitive information...

CVSS: 5.3, AI score: 0.6, EPSS: 0.00952
Exploits: 0, Affected Software: 1