536 matches found
Input validation
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
UBUNTU-CVE-2023-0950
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...
PT-2023-2958 · Document Foundation +9 · Libreoffice +9
Name of the Vulnerable Software and Affected Versions: LibreOffice versions 7.4.0 through 7.4.5 LibreOffice versions 7.5.0 through 7.5.0 Description: The issue is related to an improper validation of array index in the spreadsheet component, allowing an attacker to craft a malicious spreadsheet...
SUSE CVE-2005-0244
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...
SUSE CVE-2017-12678
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file...
SUSE CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
Django: SQL injection in QuerySet.annotate(), aggregate() and extra()
A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...
PT-2022-35485 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to the drm/meson driver in the Linux Kernel. It involves explicitly removing the aggregate driver at module unload time. The actual impact and attack plausibility have...
mariadb: Crash executing query with VIEW, aggregate and subquery
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW...
Ubuntu: Security Advisory (USN-369-1)
The remote host is missing an update for the...
Malicious Package
Overview usaa-template-mocks-aggregate is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in usaa-template-mocks-aggregate (npm)
Source: ghsa-malware 5c02da6001bfce43405f8bf2d1b55088f279cbc0d95e7badfd6f9178f1ffcd5f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software. Researcher Felix Krause, who outlined how Meta tracks users in a blog posted...
mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr...