Astra Linux - vulnerability in qtbase-opensource-src
Before Qt 6.4.3, a denial-of-service attack was possible due to a crafted string when using the SQL ODBC driver plugin, especially if the size of SQLTCHAR was 4. The affected versions include 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3...
EUVD-2026-26247
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...
CVE-2022-24862
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver, the corresponding JDBC driver download address will be downloaded first, but this address wi...
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
CVE-2024-28936
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
Update Rollup 6 for System Center 2019 Orchestrator
Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System Cent...
Apache InLong code issue vulnerability
Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can explo...
CVE-2023-45825
CVEs and affected software: The issue affects ydb-go-sdk (Go native and database/sql driver for YDB) in versions from v3.48.6 up to v3.53.2. Root cause and impact: If a custom credentials object (implementing the Credentials interface) is logged via an error message, the object could be serialize...
SUSE-SU-2023:3225-1 Security update for qt6-base
This update for qt6-base fixes the following issues: - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate bsc1211994. - CVE-2023-33285: Fixed buffer overflow in QDnsLookup bsc1211642. - CVE-2023-32762: Fixed Qt Network...
SUSE-SU-2023:3207-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate bsc1211994. - CVE-2023-33285: Fixed buffer overflow in QDnsLookup bsc1211642. - CVE-2023-32762: Fixed Qt...
SUSE-SU-2023:2982-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS bsc1209616. - CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security HSTS header bsc1211797. - CVE-2023-32763: Fixed buffer overflow when rendering an SVG fil...
OESA-2023-1296 qt5-qtbase security update
This package provides base tools, such as string, xml, and network handling. Security Fixes: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and...
Update Rollup 1 for System Center 2022 Orchestrator
Update Rollup 1 for System Center 2022 Orchestrator Applies to Microsoft System Center 2022 Orchestrator UR1. Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions fo...
PT-2021-17176 · Apache +1 · Apache Druid +1
Name of the Vulnerable Software and Affected Versions: Apache Druid versions prior to 0.20.2 Description: The issue allows an attacker to execute arbitrary code from a malicious MySQL server within Druid server processes due to certain properties in the MySQL JDBC driver. This functionality is...
The vulnerability of the SQLDriverConnect function in the ODBC library for UNIX UnixODBC, related to an exception that triggers outside the allowed data buffer limits, allows a malicious actor to cause a service failure.
The vulnerability of the SQLDriverConnect function in the ODBC library for UNIX systems is related to buffer overflows caused by a long string in the FILEDSN option. Exploiting this vulnerability could allow an attacker to cause a service failure...
Update Rollup 2 for System Center 2019 Orchestrator
Update Rollup 2 for System Center 2019 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed Map Published Data...
Update Rollup 1 for System Center Orchestrator 2019
Update Rollup 1 for System Center Orchestrator 2019 Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed Events pane of the...
DEBIAN-CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string...
Update Rollup 8 for System Center 2016 Orchestrator
Update Rollup 8 for System Center 2016 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Runbook performing SQ...
RHEL 6 : dovecot (RHSA-2019:2885)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2885 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and...