OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

SQLite: Multiple Vulnerabilities

Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no kno...

GLSA-202311-03 : SQLite: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202311-03 SQLite: Multiple Vulnerabilities - An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. CVE-2021-31239 - SQLite through 3.40.0, when relying o...

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Guava is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP CVE-2020-8909, CVE-2023-2976. SQLite is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, WebSphere Liberty and Watson NLP CVE-2020-24736. Golang Go is used by IBM...

CVE-2023-47175

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...

CVE-2023-47175

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...

CVE-2023-47175

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product...

CVE-2023-47175

LuxCal Web Calendar (LuxSoft) is affected by a cross-site scripting (XSS) vulnerability (CVE-2023-47175) in versions prior to 5.2.4M (MySQL) and prior to 5.2.4L (SQLite). An unauthenticated remote attacker can execute arbitrary script in the web browser of a user accessing the product. Remediatio...

Fedora: Security Advisory for roundcubemail (FEDORA-2023-70578c5599)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-cf584ed77a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: roundcubemail-1.6.5-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 37 Update: roundcubemail-1.6.5-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 39 Update: roundcubemail-1.6.5-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

piccolo SQL Injection via named transaction savepoints

Summary The handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection as user provided input is passed directly to connection.execute... via f-strings. Details An excerpt of the Postgres savepoint handling: python async def savepointself, name:...

OESA-2023-1792 sqlite-jdbc security update

SQLite JDBC, is a library for accessing and creating SQLite database files in Java. Security Fixes: SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2023-3160)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 8 : sqlite (RLSA-2022:7108)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7108 advisory. - In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. CVE-2020-35525 - In SQLite 3.31.1, there is an out...

Rocky Linux 9 : sqlite (RLSA-2023:0339)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0339 advisory. - SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

Rocky Linux 8 : sqlite (RLSA-2021:4396)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4396 advisory. - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a...

Rocky Linux 8 : sqlite (RLSA-2021:1581)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1581 advisory. - SQLite through 3.32.0 has an integer overflow in sqlite3strvappendf in printf.c. CVE-2020-13434 - In SQLite before 3.32.3, select.c mishandles...