61 matches found
Privilege Escalation
Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 6.0.18, 7.0...
Routinator infinite loop vulnerability
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...
UBUNTU-CVE-2021-43114
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation...
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set elements. The issue results from the lac...
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of data set descriptors. The issue results fro...
Actionable Searching and Data Download with Vulnerability Management Dashboards
Qualys is introducing the ability to download data from your vulnerability management dashboards. With Qualys Vulnerability Management Dashboards, you can use Qualys Query Language QQL to query the data in your subscription and build vulnerability- and asset-centric dashboards that show your...
Important: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: redis:5 security update
An update for the redis:5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)
This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : - CVE-2019-2422: Better FileChannel transfer performance bsc1122293 - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing bsc1122299 - Better route routing ...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...
CVE-2017-1082
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if th...
CVE-2017-1082
Removed by vendor...
UBUNTU-CVE-2018-16435
Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...
kernel: Oops in shash_async_export()
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
Sql injection
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
CVE-2016-4999
CVE-2016-4999 applies to Dashbuilder prior to 0.6.0.Beta1, where a SQL injection flaw exists in getStringParameterSQL (DefaultDialect.java) that can allow remote attackers to execute arbitrary SQL via a data set lookup filter in the Data Set Authoring or Displayer editor UI. Multiple records (NVD...
CVE-2016-4999
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...
Dashbuilder: SQL Injection on data set lookup filters
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...