9 matches found
EUVD-2010-0877
Malware in sbrugna...
CVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl...
CVE-2024-41436
CVE-2024-41436 affects ClickHouse v24.3.3.102, with a buffer overflow in the DB::evaluateConstantExpressionImpl component. Public documents consistently describe this as a vulnerability leading to potential availability impact (CVSS v3.1: 7.5) with network attack vector and no user interaction. T...
SQL Injection
zendframework/zendframework is vulnerable to SQL injection. The vulnerability is due to a flaw in the quoteValue and quoteValueList methods of the Zend\Db component, which did not account for all possible escapable characters, leading to improper quoting of values for SQL strings...
GHSA-X2F4-8WXF-W3VF ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue and quoteValueList, allow users to manually quote values for creating SQL statements; these are in turn consumed by...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-2329)
Summary: An Oracle database server vulnerability has been addressed by IBM Emptoris Contract Management. Vulnerability Details: CVEID: CVE-2021-2329. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the XML DB component could allow an authenticated attacker to take...
Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-2329)
Summary: An Oracle database server vulnerability has been addressed by IBM Emptoris Strategic Supply Management Platform. Vulnerability Details: CVEID: CVE-2021-2329. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the XML DB component could allow an authenticated...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-04765)
Oracle MySQL is an open source relational database management system. MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the InnoDB component of Oracle MySQL Server 5.6.50, 5.7.32, 8.0.22 and...
Unspecified Vulnerability in Oracle Java SE (CNVD-2018-13569)
Java SE is the Java Platform, Standard Edition, used to develop and deploy Java applications for desktop, server, embedded-device and real-time environments. An unspecified vulnerability exists in the Java DB component of Oracle Java SE 6u191, 7u181, 8u172. An attacker could exploit...