16 matches found
EUVD-2026-35854
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013573)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013573 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a smb3: add smb3.1....
GHSA-GPJ5-G38J-94V9 Drizzle ORM has SQL injection via improperly escaped SQL identifiers
Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
EUVD-2022-55839
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
Protocol Dialects As Formal Patterns: a Composable Theory of Lingos -- Technical Report
Protocol dialects are methods for modifying protocols that provide light-weight security, especially against easy attacks that can lead to more serious ones. A lingo is a dialect's key security component by making attackers unable to "speak" the lingo. A lingo's "talk" changes all the time,...
ontariodialects.chass.utoronto.ca Cross Site Scripting vulnerability OBB-3573492
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Fedora: Security Advisory for librime (FEDORA-2022-18023b665f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: librime-1.7.3-3.fc37
Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...
[SECURITY] Fedora 36 Update: librime-1.7.3-2.fc36
Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...
SQL Injection
sequelize is vulnerable to sql injection attacks. The attacks are possible because the library does not properly escape the JSON path key provided by user using mariadb dialects in query-generator.js...
[SECURITY] Fedora 27 Update: librime-1.2-18.fc27.1
Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...
smb-protocols NSE Script
Attempts to list the supported protocols and dialects of a SMB server. The script attempts to initiate a connection using the dialects: NT LM 0.12 SMBv1 2.0.2 SMBv2 2.1 SMBv2 3.0 SMBv3 3.0.2 SMBv3 3.1.1 SMBv3 Additionally if SMBv1 is found enabled, it will mark it as insecure. This script is the...
smb2-security-mode NSE Script
Determines the message signing configuration in SMBv2 servers for all supported dialects. The script sends a SMB2COMNEGOTIATE request for each SMB2/SMB3 dialect and parses the security mode field to determine the message signing configuration of the SMB server. References: Script Arguments...
SQL Injection
knex is vulnerable to SQL injection. Column names are not properly escaped in database dialects, allowing attackers to craft a query to the host database and access private information...
Researchers Dissect Spammers' Economic Ecosystem
A profitable spam campaign has three key elements—a reliable email list, filter-busting content, and a botnet for distribution—and each has been individually dissected and understood. But in order to adequately protect users from spam, which thrives in an established economic ecosystem, researche...