29 matches found
Amazon Athena ODBC Driver < 2.0.5.1 Command Injection (Linux)
The version of Amazon Athena ODBC Driver installed on the remote Linux host is prior to 2.0.5.1. It is, therefore, affected by a vulnerability: - OS command injection in the browser-based authentication component might allow a threat actor to execute arbitrary code by using specially crafted...
EUVD-2026-18851
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...
Amazon Athena ODBC driver security vulnerability
The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of special elements in the authentication...
CVE-2025-65493
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data to return NULL...
CVE-2022-40480
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet...
The vulnerability of the Qlik Sense Enterprise data analysis platform, related to errors in processing input data from higher-level components, allows a perpetrator to execute arbitrary code.
The vulnerability of the Qlik Sense Enterprise data analysis platform is related to errors in processing input data from higher-level components. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating specially crafted connection objects remotely...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process when an attacker submits a JSON document containing a crafted connectionurl property. An attacker can execute arbitrary commands and read files by supplying a malicious JD...
USN-6834-1 h2database vulnerabilities
It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-42392) It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary...
SUSE CVE-2014-7202
stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Microsoft Windows allows a hacker to execute arbitrary code.
The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Microsoft Windows operating systems stems from the fact that the operation is performed outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a special...
The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Microsoft Windows allows a hacker to execute arbitrary code.
The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Microsoft Windows operating systems relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted connection request to the...
PT-2023-1044 · Microsoft · Windows L2Tp +1
Name of the Vulnerable Software and Affected Versions: Windows Layer 2 Tunneling Protocol (L2TP) (affected versions not specified). Description: The issue is related to a buffer overflow in the implementation of the Layer 2 Tunneling Protocol (L2TP) in Microsoft Windows. It can be exploited by sending a...
USN-5365-1 h2database vulnerabilities
It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-42392) It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...
The vulnerability in the implementation of the TLS protocol in Google Chrome allows a perpetrator to compromise data integrity.
The vulnerability in the implementation of the TLS protocol in Google Chrome relates to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created TLS connection...
CVE-2018-15396
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of...
CVE-2018-0139
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability in the mod_proxy module of the Apache HTTP Server when reverse proxy is enabled allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...
Juniper Networks vSRX virtual firewall denial of service vulnerability
Juniper Networks vSRX virtual is a firewall emulator product from Juniper Networks, Inc. A security vulnerability exists in the PFE daemon in the Juniper Networks vSRX virtual firewall used in Junos OS versions prior to 15.1X49-D20. A remote attacker could exploit this vulnerability to cause a...
Null pointer dereference
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service NULL pointer dereference a...