474 matches found

SUSE CVE
added 2023/02/15 5:42 a.m., 2 views

SUSE CVE-2013-0255

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a...

CVSS 6.8, AI score 7.2, EPSS 0.03659
Exploits 0, References 5

SUSE CVE
added 2023/02/15 5:27 a.m., 1 view

SUSE CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to...

CVSS 3.5, AI score 5.9, EPSS 0.00381
Exploits 1, References 4

SUSE CVE
added 2023/02/15 5:26 a.m., 1 view

SUSE CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5, AI score 5.7, EPSS 0.00339
Exploits 0, References 3

SUSE CVE
added 2023/02/15 5:25 a.m., 2 views

SUSE CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

CVSS 4.3, AI score 5.7, EPSS 0.00604
Exploits 0, References 5

SUSE CVE
added 2023/02/15 4:48 a.m., 2 views

SUSE CVE-2017-7210

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...

CVSS 5.5, AI score 7.4, EPSS 0.00314
Exploits 0, References 10

SUSE CVE
added 2023/02/15 4:12 a.m., 1 view

SUSE CVE-2019-11639

An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a...

CVSS 8.8, AI score 8.9, EPSS 0.00201
Exploits 1, References 3

Spring Engineering
added 2023/01/31 12:0 a.m., 14 views

This Week in Spring - January 31st, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because a) today's both my birthday and my late father's birthday and b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...

Exploits 0

Spring Engineering
added 2023/01/31 12:0 a.m., 19 views

This Week in Spring - January 31st, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because a) today's both my birthday and my late father's birthday and b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...

Exploits 0

Positive Technologies
added 2023/01/17 12:0 a.m., 1 view

PT-2023-34393 · Libbpf · Libbpf

Name of the Vulnerable Software and Affected Versions: libbpf versions prior to v5.10.163. Description: The issue concerns enum forward-declarations in the public API when libbpf is used in C++ mode. It has been fixed in Linux Kernel version v5.10.163. Recommendations: For versions prior to...

AI score 7.2
Exploits 0, References 1

Code423n4
added 2023/01/17 12:0 a.m., 16 views

Reuse of signature to get KYCd after it has been removed

Lines of code. Vulnerability details. Impact: There is no time limit on the validity of KYC digests and users with a removed KYC are not saved. If an issuer of such a digest is either compromised or if they by mistake issue a digest with a deadline far into the future a user could reuse the same...

AI score 6.5
Exploits 0

Snyk
added 2022/12/22 10:20 a.m., 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing random invalid enum strings in the EnumStringValues/EnumExtensions.cs file. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 7.5, AI score 7.1, EPSS 0.00297
Exploits 0, References 2

Kitploit
added 2022/09/10 12:30 p.m., 51 views

GraphCrawler - GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular...

AI score 7.4
Exploits 0, References 5

Rapid7 Blog
added 2022/09/02 7:39 p.m., 164 views

Metasploit Weekly Wrap-Up

ICPR Certificate Management: This week Metasploit has a new ICPR Certificate Management module from Oliver Lyak and our very own Spencer McIntyre, which can be utilized for issuing certificates via Active Directory Certificate Services. It has the capability to issue certificates which is useful i...

CVSS 10, AI score 8.5, EPSS 0.93596
Exploits 92

Code423n4
added 2022/08/27 12:0 a.m., 7 views

Storage layout collision issue between NounsDAOStorageV1 and NounsDAOStorageV1Adjusted

Lines of code. Vulnerability details. Impact: Since two new variables are added in the contract NounsDAOStorageV1Adjusted at the end of the struct proposal, the memory layout between the NounsDAOStorageV1 and NounsDAOStorageV1Adjusted is colliding. This affects the variable type and values in the...

AI score 6.7
Exploits 0

Github Security Blog
added 2022/06/17 12:30 a.m., 13 views

Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Duplicate Advisory: This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description: Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after...

AI score 2.6
Exploits 0, References 3, Affected Software 1

OSV
added 2022/06/17 12:30 a.m., 13 views

GHSA-R45X-GHR2-QJXC Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Duplicate Advisory: This advisory is a duplicate of GHSA-c5hx-w945-j4pq. This link is preserved to maintain external references. Original Description: Affected versions of this crate did not implement Drop when `#[zeroize(drop)]` was used on an enum. This can result in memory not being zeroed out after...

CVSS 7.5, AI score 6.9
Exploits 0, References 3

OSV
added 2022/06/16 11:53 p.m., 13 views

GHSA-RXHX-9FJ6-6H2M enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using the `enum_map!` macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...

AI score 7.8
Exploits 0, References 6

Github Security Blog
added 2022/06/16 11:53 p.m., 12 views

enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using the `enum_map!` macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...

AI score 0.9
Exploits 0, References 6, Affected Software 1

OSV
added 2022/05/17 3:57 a.m., 18 views

GHSA-WV8G-FX9J-Q2JG phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5, AI score 5.8, EPSS 0.00339
Exploits 0, References 6

Github Security Blog
added 2022/05/17 3:57 a.m., 23 views

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS 3.5, AI score 5.6, EPSS 0.00339
Exploits 0, References 7, Affected Software 1