398 matches found
NESP2 SQL Injection Vulnerability
NESP2 is a web map open source by Reiner Lemoine Institut. NESP2 suffers from a SQL injection vulnerability that stems from a SQL injection problem in app/database.py...
libreoffice: Arbitrary file write
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...
RHEL 9 : ncurses (RHSA-2023:6698)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6698 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...
Medium: libreoffice
Issue Overview: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. CVE-2023-1183 Affected Packages:...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.22...
The vulnerability of the library for accessing and creating SQLite JDBC files is related to improper code generation. This allows an attacker to execute arbitrary code.
The vulnerability of the library for accessing and creating SQLite JDBC files is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2699)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-30259
A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file...
UBUNTU-CVE-2023-30259
A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file...
PT-2023-22609 · Librecad +2 · Importshp +3
Name of the Vulnerable Software and Affected Versions: LibreCAD version 2.2.0 Description: A Buffer Overflow issue in the importshp plugin allows attackers to obtain sensitive information via a crafted DBF file. Recommendations: For LibreCAD version 2.2.0, at the moment, there is no information...
CrossX 资源管理错误漏洞
CrossX is a Box management system from CrossX. A security vulnerability exists in CrossX version v.1.15.3. A local attacker could exploit this vulnerability to cause a denial of service to the system via a database file...
CrossX 安全漏洞
CrossX is a Box management system from CrossX. A security vulnerability exists in CrossX version v.1.15.3. A local attacker exploited the vulnerability to cause privilege escalation via a database file...
Wave Studio Animated Keyboard Emoji 安全漏洞
Wave Studio Animated Keyboard Emoji is an animated keyboard emoji application from Wave Studio, Inc. A security vulnerability exists in Wave Studio Animated Keyboard Emoji version v.1.70.7, which originates from a code execution via a database file can elevate privileges...
edjing Mix 资源管理错误漏洞
edjing Mix is a virtual DJ professional edition from edjing. A security vulnerability exists in edjing Mix version v.7.09.01 that could allow a local attacker to cause a denial of service via a database file...
CVE-2023-29128
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...
Siemens SIMATIC Cloud Connect 路径遍历漏洞
SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. A path traversal vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be exploited by a...
CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...
SUSE CVE-2019-16226
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
SUSE CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...
PT-2023-10233 · Unknown · Githuis P2Manage
Name of the Vulnerable Software and Affected Versions: githuis P2Manage affected versions not specified Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...