Out-of-bounds write vulnerability in multiple Adobe products (CNVD-2022-46974)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. An out-of-bounds write vulnerability exists in several Adobe products, which can be exploited by an attacker to execute arbitrary code ...

DEBIAN-CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

PYSEC-2022-190

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

[ASA-202204-9] python-django: sql injection

Arch Linux Security Advisory ASA-202204-9 ========================================= Severity: High Date : 2022-04-12 CVE-ID : CVE-2022-28346 CVE-2022-28347 Package : python-django Type : sql injection Remote : Yes Link : https://security.archlinux.org/AVG-2667 Summary ======= The package...

USN-5373-2 python-django vulnerabilities

USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra...

Django SQL注入漏洞

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

WordPress TinyMCE Annotate plugin <= 1.1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress TinyMCE Annotate plugin versions = 1.1.2. Solution No patched version available...

WordPress TinyMCE Annotate plugin <= 1.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress TinyMCE Annotate plugin versions = 1.1.2. Solution No patched version available...

SUSE: Security Advisory (SUSE-SU-2015:0834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2019-13301

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error...

PT-2019-2985 · Imagemagick +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-50 Q16 Description: The issue is related to memory leaks in the AcquireMagickMemory function due to an AnnotateImage error. It is also associated with the use of memory after it has been freed in components...

SuSE 11.3 Security Update : emacs (SAT Patch Number 10519)

Emacs has been updated to fix the following issues : - Several cases of insecure usage of temporary files. CVE-2014-3421 / CVE-2014-3422 / CVE-2014-3423 / CVE-2014-3424 - Use of vc-annotate for renamed files when using Git. bnc854683 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : deb / update-alternatives (openSUSE-SU-2012:1437-1)

Fix tmp issues in annotate-output bnc778291, CVE-2012-3500 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-757. The text description of this plugin is C SUSE LLC...

DEBIAN-CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary 1 standard output or 2 standard error output file...

CVE-2012-3500

CVE-2012-3500 is a local reliability issue in the annotate-output mechanism: scripts/annotate-output.sh in devscripts &lt; 2.12.2 (used by rpmdevtools

Redmine SCM Repository Arbitrary Command Execution

$Id: redminescmexec.rb 11414 2010-12-25 14:43:13Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVS Annotate Command Revision String Buffer Overflow (CVE-2005-0753)

Concurrent Versions System CVS is an open-source version control system. CVS allows access to source repository from local clients or from the remote clients over a network. There exists a buffer overflow vulnerability in the Concurrent Versions System CVS. This issue is caused by improper bounds...

Ubuntu 4.10 : cyrus21-imapd vulnerability (USN-87-1)

Sean Larsson discovered a buffer overflow in the IMAP 'annotate' extension. This possibly allowed an authenticated IMAP client to execute arbitrary code with the privileges of the Cyrus IMAP server. Note that Tenable Network Security has extracted the preceding description block directly from the...

security flaw

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via 1 an off-by-one error in the imapd annotate extension, 2 an off-by-one error in "cached header handling," 3 a stack-based buffer overflow in fetchnews, or 4 a stack-based buffer overflow in...

cyrus-imapd -- multiple buffer overflow vulnerabilities

The Cyrus IMAP Server ChangeLog states: Fix possible single byte overflow in mailbox handling code. Fix possible single byte overflows in the imapd annotate extension. Fix stack buffer overflows in fetchnews exploitable by peer news server, backend exploitable by admin, and in imapd exploitable b...