DEBIAN-CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

PYSEC-2022-190

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

PYSEC-2022-190

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

UBUNTU-CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

online-latin-dictionary.com Cross Site Scripting vulnerability OBB-2455386

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-42262

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...

Design/Logic Flaw

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...

Softing OPC UA C++ SDK 缓冲区错误漏洞

The Softing OPC UA C++ SDK is a development kit from Softing Germany. It is used to quickly and easily integrate OPC UA clients and servers. A security vulnerability exists in versions of the Softing OPC UA C++ SDK prior to 5.70. The vulnerability stems from an invalid XML element in the type...

Fedora: Security Advisory for libsolv (FEDORA-2022-f8921a3891)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: libsolv-0.7.21-1.fc35

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: - Using a dictionary approach to store and retrieve package and dependency information. - Using satisfiability, a well known and researched topic, for resolving package...

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL MS SQL Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not...

py-treq -- sensitive information leak vulnerability

Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies". This can potentially cause sensitive information to leak upon an HTTP redirect...

Narthex - Modular Personalized Dictionary Generator

Narthex Greek: Νάρθηξ, νάρθηκας is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalised dictionaries that can be used for password recovery & security assessment. The...

The vulnerability of the toString() method implementation in the Spring AMQP RabbitMQ messaging application allows a attacker to cause a service failure.

The vulnerability of the toString method implementation in the Spring AMQP RabbitMQ messaging application is related to the restoration of unreliable data in memory during the processing of Dictionary objects from the java.util class. Exploiting this vulnerability could allow an attacker to cause...

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR (3) WNHOME or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges this issue only crosses privilege boundaries when WordNet is invoked as a third party component.

...

Vulnerability of the Server component: The Data Dictionary of the MySQL Server database management system, which allows attackers to cause service interruptions.

Vulnerability of the Server component: The Data Dictionary component of the MySQL Server database management system is vulnerable due to insufficient validation of input data. Exploitation of this vulnerability can allow attackers to cause service interruptions...

Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City

Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2021-41790

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment...