9244 matches found
CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
CVE-2024-9774
CVE-2024-9774 affects the Python-sql library where unary operators do not escape non-Expression. Public sources reference a fix in version 1.5.2 (Fedora/openSUSE advisories), with advisories noting updated packages to address the issue. The CVE entry lists CVSSv3 metrics (base score 6.5, MEDIUM) ...
CVE-2024-9774 Python-sql: python-sql unary operators does not escape non-expression
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
The vulnerability of the cross-spawn programming platform package in Node.js, which allows a hacker to trigger a service failure
The vulnerability of the Node.js software platform’s cross-spawn package, related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the lack of measures taken to neutralize special elements used in the expression language operator. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected informatio...
Vulnerabilities fixed in IBM Cognos Analytics
IBM fixed vulnerabilities in IBM Cognos Analytics The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...
Arbitrary Code Execution (ACE)
angular-expressions is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to ability to escape the sandbox through a malicious expression, allowing an attacker to execute arbitrary code on the system...
OSV-2024-1397 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385326423 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/java.util.HashMap.get org.springframework.core.convert.TypeDescriptor.valueOf...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466
IBM Cognos Analytics (11.2.0–11.2.4 FP4 and 12.0.0–12.0.4) is vulnerable to an Expression Language (EL) Injection that can allow a remote attacker to disclose data, exhaust memory, or crash the server when processing crafted EL statements. Affected products/versions are explicitly listed in the v...
CVE-2024-51466 IBM Cognos Analytics expression language injection
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466 IBM Cognos Analytics expression language injection
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language EL Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
SUSE CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
Atlassian Confluence 7.19.x < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 (CONFSERVER-98300)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98300 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
GHSA-PR98-23F8-JWXV QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
CVE-2024-12579
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can...