29779 matches found
MiracleLinux 8 : thunderbird-128.14.0-3.el8_10.ML.1 (AXSA:2025-10810:21)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10810:21 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...
MiracleLinux 8 : firefox-128.14.0-2.el8_10.ML.1 (AXSA:2025-10786:30)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10786:30 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...
CVE-2024-58339
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
CVE-2024-58339
Summary: CVE-2024-58339 affects LlamaIndex up to 0.12.2, due to an uncontrolled resource‑consumption path in the VannaQueryEngine. The vulnerable code is in llama_index/packs/vanna/base.py, inside custom_query(), where SQL is generated from a user‑supplied prompt and executed via vn.run_sql() wit...
SUSE-SU-2026:20031-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...
CVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...
CVE-2026-22693
HarfBuzz text shaping engine contains a null pointer dereference in SubtableUnicodesCache::create (src/hb-ot-cmap-table.hh) that occurs when hb_malloc returns NULL before a placement new, leading to undefined behavior/segfault on low memory. This affects versions prior to 12.3.0 and has been fixe...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-43120
An issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request...
CVE-2023-49322
Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
CVE-2018-14777
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
CVE-2018-10531
An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks...
CVE-2009-4839
Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...
CVE-2009-4330
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...
CVE-2009-4837
Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 sig1 parameter to base/baseqrymain.php, or the time01 parameter to 2 base/basestatalerts.php or 3...
CVE-2009-4838
SQL injection vulnerability in baseagcommon.php in Basic Analysis and Security Engine BASE before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...
CVE-2021-27408
The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Ally...