14 matches found
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via integer wraparound in the allocation process. An attacker can execute arbitrary code or cause a segmentation fault by providing specially crafted, large-scale inputs to database functions. Remediation ...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...
Apache Superset Security Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...
Uncontrolled Search Path Element
Overview aws-advanced-nodejs-wrapper is a Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating...
EUVD-2003-0025
Malware in sbrugna...
Security Bulletin: Vulnerability in Apache Derby affects watsonx.data
Summary Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. This can affect watsonx.data. Vulnerability Details CVEID: CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attack...
Security Bulletin: Vulnerability in Apache Derby affects IBM Cloud Pak System [CVE-2022-46337]
Summary Vulnerability in Apache Derby affects IBM Cloud Pak System CVE-2022-46337 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID: CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by ...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0 Vulnerability Details CVEID: CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by an LDAP injection vulnerability in authenticator. By sending a...
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
Design/Logic Flaw
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2022-34265
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...
phpx324.txt
PHPX 3.2.4 http://www.phpx.org Versions Affected: PHPX 2.x - 3.2.4 Type of bug: Session Hi-jacking/Admin Access via Cookies Impact: Ability to steal another user's account Found-by: HelloWorld Ryan Wray Vendor: Notified Table Of Contents ===================== 1 The Program 2 The Problem 3 The Proo...