20 matches found

Github Security Blog
added 2026/02/11 2:23 p.m. · 9 views

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary: Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Details: Any read-only user can gain access to a highly privileged account, which typically has the Ingestion Bot Role. This enables destructive changes...

CVSS 7.6 · AI score 5.5 · EPSS 0.00018
Exploits: 1 · References: 4 · Affected Software: 1

SUSE CVE
added 2023/02/15 3:25 a.m. · 2 views

SUSE CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22...

CVSS 6.4 · AI score 9 · EPSS 0.00031
Exploits: 0 · References: 5

Microsoft CVE
added 2022/06/08 7:0 a.m. · 2 views

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

...

CVSS 7.8 · AI score 7.3 · EPSS 0.00031
Exploits: 0

OSV
added 2022/05/26 4:15 p.m. · 1 views

DEBIAN-CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22...

CVSS 7.8 · AI score 7.6 · EPSS 0.00031
Exploits: 0 · References: 1

OSV
added 2022/05/26 4:15 p.m. · 1 views

ALPINE-CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22...

CVSS 7.8 · AI score 7.4 · EPSS 0.00031
Exploits: 0 · References: 1

OSV
added 2022/05/26 4:15 p.m. · 0 views

UBUNTU-CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22...

CVSS 7.8 · AI score 7.4 · EPSS 0.00031
Exploits: 0 · References: 7

Rockylinux
added 2022/05/17 7:21 a.m. · 21 views

new packages: perl-Unicode-Collate

An update is available for perl-Unicode-Collate. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...

AI score 2.2
Exploits: 0

Positive Technologies
added 2022/05/16 12:0 a.m. · 1 views

PT-2022-3032 · Ntfs-3G +9

Name of the Vulnerable Software and Affected Versions: NTFS-3G versions through 2021.8.22 Description: The issue is related to a heap-based buffer overflow in the ntfs names full collate function of the NTFS-3G module for the NTFS file system. This can be exploited by using a specially crafted NT...

CVSS 7.8 · AI score 7.6 · EPSS 0.00633
Exploits: 1 · References: 128

Rockylinux
added 2020/11/03 12:31 p.m. · 11 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

AI score 1.8
Exploits: 0

RedHat Linux
added 2018/03/06 9:46 p.m. · 3 views

389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service...

CVSS 7.5 · AI score 5.7 · EPSS 0.14722
Exploits: 0 · References: 5

Prion
added 2017/07/12 9:29 p.m. · 15 views

Sql injection

In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...

CVSS 7.5 · AI score 9.7 · EPSS 0.0025
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2015/08/18 12:0 a.m. · 44 views

Scientific Linux Security Update : sqlite on SL7.x x86_64 (20150817)

A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414) It was found that SQLite's sqlite3VdbeExec function did not...

CVSS 7.5 · AI score 6.9 · EPSS 0.0794
Exploits: 0 · References: 4

CNVD
added 2015/04/27 12:0 a.m. · 2 views

SQLite Denial of Service Vulnerability (CNVD-2015-02750)

SQLite is an open source C-based embedded relational database management system developed by American software developer D. Richard Hipp. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in SQLite versions prior to 3.8.9, which stem...

CVSS 7.5 · AI score 6.6 · EPSS 0.0794
Exploits: 0 · References: 1

NVD
added 2015/04/24 5:59 p.m. · 33 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 7.9 · EPSS 0.0794
Exploits: 0 · References: 15

OSV
added 2015/04/24 5:59 p.m. · 1 views

DEBIAN-CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 7.3 · EPSS 0.0794
Exploits: 0 · References: 1

OSV
added 2015/04/24 5:59 p.m. · 16 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

AI score 8.9
Exploits: 0 · References: 19

Prion
added 2015/04/24 5:59 p.m. · 29 views

Design/Logic Flaw

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 7.6 · EPSS 0.0794
Exploits: 0 · References: 15 · Affected Software: 6

Debian CVE
added 2015/04/24 5:0 p.m. · 43 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 7.9 · EPSS 0.0794
Exploits: 0

UbuntuCve
added 2015/04/24 12:0 a.m. · 47 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVSS 7.5 · AI score 6.8 · EPSS 0.0794
Exploits: 0 · References: 3

FreeBSD
added 2015/04/14 12:0 a.m. · 47 views

sqlite -- multiple vulnerabilities

NVD reports: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, a...

CVSS 7.5 · AI score 7.1 · EPSS 0.0794
Exploits: 0 · References: 4