Linux Distros Unpatched Vulnerability : CVE-2020-27207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlciphercodecpragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can...

Linux Distros Unpatched Vulnerability : CVE-2022-27383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component mystrcasecmp8bit, which is exploited via specially crafted SQL...

CVE-2024-57626

An issue in the matjoin2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2024-57617

An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2023-36365

An issue in the sqltranscopykey component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2023-36366

An issue in the logcreatedelta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service DoS via crafted SQL statements...

CVE-2023-38740

IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613...

CVE-2021-36690

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...

CVE-2018-1000871

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "idutentemod" parameter in gestioneutenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done...

CVE-2018-19461

admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php...

The vulnerability of the `qst_vec_get_int64` component in the Virtuoso-OpenSource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the qstvecgetint64 component in the Virtuoso-OpenSource web application development platform is related to the improper disabling or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted SQL...

The vulnerability of the psiginfo component in the virtuoso-opensource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the psiginfo component in the virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted SQL...

The vulnerability of the sqlg_hash_source component in the Virtuoso-OpenSource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the sqlghashsource component in the Virtuoso-opensource web application development platform is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending...

The vulnerability of the jp_add component in the virtuoso-opensource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the jpadd component in the Virtuoso-OpenSource web application development platform is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause a service failure by sending specially crafted SQL...

Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25)

Elasticsearch allocation of resources without limits or throttling leads to crash ESA-2024-25 An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. Affected...

Elastic Elasticsearch 安全漏洞

Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from the presence of unrestricted or throttled resource allocation, which could lead to a crash through the use of specially...

PT-2025-2666 · Unknown · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception, resulting in a crash via a specially crafted query using an SQL...

CVE-2024-55593

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries...

CVE-2024-57663

An issue in the sqlgplacedpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

CVE-2024-57657

An issue in the sqlgvecupd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...