74 matches found
DRUPAL-CORE-2024-004
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues...
PT-2025-14094
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 5.0.31 MongoDB Server versions prior to 6.0.20 MongoDB Server versions prior to 7.0.14 MongoDB Server versions prior to 7.3.4 Description A user authorized to access a view may be able to alter the intended...
python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django
A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...
CVE-2024-37820
A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...
python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django
A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...
Vitess vulnerable to infinite memory consumption and vtgate crash
Summary When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details When running the following query, the evalengine will try evaluate it and runs forever. select utf16 0xFF The source of the bug lies in the...
SUSE CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
DEBIAN-CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2024-32879
Python Social Auth Django contains a vulnerability (CVE-2024-32879) where third-party authentication user IDs are not case-sensitive due to the database collation before version 5.4.1, allowing mismatched IDs to be treated as equal. The issue is mitigated by upgrading to 5.4.1, which fixes the im...
CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
CVE-2024-32879 social-auth-app-django Improper Handling of Case Sensitivity vulnerability
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...
PT-2024-2179 · Unknown +2 · Mysql Server +2
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3 Description: The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim wi...
CVE-2023-23997
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...
CVE-2023-23997
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...
CVE-2023-23997
CVE-2023-23997 affects the WordPress Database Collation Fix plugin (
CVE-2023-23997 WordPress Database Collation Fix Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...
WordPress Plugin Database Collation Fix 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
Database Collation Fix < 1.2.8 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Dave Jesch Database Collation Fix plugin = 1.2.7 versions...