4901 matches found
CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
Nginx UI Code Injection Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...
Astra Linux – Vulnerability in SQLite
In SQLite version 3.22.0, databases whose schemas are corrupted using the CREATE TABLE AS statement could lead to a NULL pointer dereferencing issue, related to build.c and prepare.c...
Astra Linux – Vulnerability in SQLite3
A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...
Astra Linux – Vulnerability in SQLite3
SQLite 3.30.1 improperly handles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c...
Astra Linux – Vulnerability in exim4
Exim 4.98 before 4.98.1 allowed remote SQL injection when SQLite hints and ETRN serialization were used. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
Astra Linux – Vulnerability in SQLite3
SQLite 3.30.1 improperly handles certain SELECT statements involving a non-existent VIEW, resulting in an application crash...
Astra Linux – Vulnerability in SQLite3
The zipfileUpdate function in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during the update of a ZIP archive...
Astra Linux – Vulnerability in SQLite3
SQLite 3.30.1 improperly handles certain parser-tree rewrites, related to files expr.c, vdbeaux.c, and window.c. This issue is caused by incorrect error handling in the sqlite3WindowRewrite function...
Astra Linux – Vulnerability in Chromium
A use-after-free in SQLite in Google Chrome before version 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.31.1, a potential NULL pointer dereference was detected during INTERSECT query processing...
Astra Linux – Vulnerability in SQLite3
In SQLite before version 3.32.3, select.c improperly handled the query-flattener optimization, resulting in a multiSelectOrderBy heap overflow due to the misuse of transitive properties for constant propagation...
Astra Linux – Vulnerability in SQLite3
In SQLite version 3.31.1, the ALTER TABLE implementation contains a use-after-free issue, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...
Astra Linux – Vulnerability in SQLite3
SQLite version 3.32.0 has an integer overflow issue in the sqlite3_str_vappendf function within printf.c...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.31.1, there is an out-of-bounds access issue involving the ALTER TABLE operation for views that contain nested FROM clauses...
Astra Linux – Vulnerability in SQLite3
SQLite version 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c...
Astra Linux – Vulnerability in SQLite3
SQLite version 3.31.1 allows attackers to cause a denial of service (segmentation fault) through a malformed window-function query, due to improper handling of the initialization of the AggInfo object...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.30.1, selectExpander in select.c continues with the WITH stack unwinding process even after a parsing error occurs...
Astra Linux – Vulnerability in SQLite3
The ext/misc/zipfile.c file in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, resulting in a memory-management error that can be detected using tools like valgrind...