7 matches found
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
UBUNTU-CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
PT-2026-22298
Name of the Vulnerable Software and Affected Versions: OpenStack Vitrage versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0. Description: A critical security issue exists in OpenStack Vitrage's query parser. An authenticated user with access to the Vitrage API can trigger code execution on the...
CLSA-2025-1757608893 c-ares: Fix of CVE-2016-5180
CVE-2016-5180: fix heap-based buffer overflow in the ares_create_query causing DoS...
SUSE CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot...
CVE-2017-11174
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...
c-ares heap buffer overflow vulnerability
c-ares is a C library for asynchronous execution of DNS requests and name resolution. A heap buffer overflow vulnerability exists in the 'ares_create_query' function in versions c-ares 1.0.0 through 1.11.0. A remote attacker could exploit this vulnerability to cause a denial of service write across...