Lucene search
+L

4339 matches found

NVD
NVD
added yesterday7 views

CVE-2024-58370

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2024-58365

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday9 views

CVE-2024-58368

SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server...

8.7CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2024-58359

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday10 views

CVE-2024-58358

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server...

6.9CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2024-58361

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2024-55686

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58370

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday8 views

EUVD-2024-55684

SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server...

8.7CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2024-58369

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service...

7.1CVSS5.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58368

SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server...

8.7CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2024-55681

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58365

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2024-55680

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2024-55677

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58361

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday17 views

CVE-2024-58359 SurrealDB before 2.1.0 Denial of Service via rand() Sorting

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2024-55675

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server...

6.9CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58359

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...

7.1CVSS5.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2024-58358

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server...

6.9CVSS5.3AI score
Exploits0References3
Rows per page
Query Builder