10 matches found
Allocation of Resources Without Limits or Throttling
Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Parser, ParseContext, and Rust parser match-tree handling in the parser components. An attacker can force excessive parse-tree grow...
Security Bulletin: IBM Data Studio client - CVE-2023-30441
Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks - Has been fixed in IBM Data Studio client 4.2.0. IBM strongly recommends addressing the vulnerability now by upgrading to release 4.2.0 Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment,...
Improper Encoding or Escaping of Output
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference affecting VerifyVoteExtension and vote verification functions. An attacker can cause intermittent validator panics and disrupt consensus operations by submitting a VoteExtension message with the blockhash field...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the processing of delete column statistics requests through the HMS Thrift APIs. An attacker can execute arbitrary SQL commands by sending specially crafted requests to the affected API endpoints. This is only...
PT-2025-48132
Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...
PYSEC-2024-236
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...
PT-2022-17501 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 Description: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, th...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. GET /checkout/shippingrates crashes the server when checkout step has already advanced from Delivery step using the web. Server crashes and needs to be restarted. Details Denial of Service DoS describes a family o...
PT-2019-14701 · Jenkins · Jenkins Google Compute Engine Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.1.1 and earlier Description: The issue allows man-in-the-middle attacks due to the lack of SSH host key verification when connecting agents created by the plugin. This enables potential attacker...