Adobe Acrobat Reader Out-of-Bounds Read Vulnerability (CNVD-2023-62953)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

Adobe Acrobat Reader Out-of-Bounds Read Vulnerability (CNVD-2023-71746)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

WordPress TinyMCE Annotate Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software TinyMCE Annotate Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c0657a55b6a4 Credits Rafie Muhammad Patchstack Require...

SUSE CVE-2005-0546

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via 1 an off-by-one error in the imapd annotate extension, 2 an off-by-one error in "cached header handling," 3 a stack-based buffer overflow in fetchnews, or 4 a stack-based buffer overflow in...

SUSE CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

DEBIAN-CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

UBUNTU-CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

SQL Injection

Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of comments passed via annotate, optimzerhints methods, or via the QueryLogs interface, which adds annotations automatically. Exploiting this...

Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

GSD-2022-1007549 kcm: annotate data-races around kcm->rx_wait

kcm: annotate data-races around kcm-rxwait This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.298 by commit...

GSD-2022-1007547 kcm: annotate data-races around kcm->rx_psock

kcm: annotate data-races around kcm-rxpsock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.298 by commit...

GSD-2022-1007462 kcm: annotate data-races around kcm->rx_wait

kcm: annotate data-races around kcm-rxwait This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.264 by commit...

Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

GSD-2022-1003094 x86/sev: Annotate stack change in the #VC handler

x86/sev: Annotate stack change in the VC handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

Out-of-bounds read vulnerability in multiple Adobe products (CNVD-2022-43383)

Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Multiple Adobe products have out-of-bounds read vulnerabilities that can be exploited by an attacker to execute arbitrary code in the...

The vulnerability of the implementations of the QuerySet.annotate(), aggregate(), and extra() methods in the Django web application framework allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the implementation of the QuerySet.annotate, aggregate, and extra methods in the Django software platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...

Django SQL Injection Vulnerability (CNVD-2022-31838)

Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...