246 matches found
Fedora: Security Advisory for lucene (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: lucene-9.9.2-2.fc40
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform...
SUSE CVE-2020-14804
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
Sql injection
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
PT-2023-20636 · Ox Software Gmbh +1 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a full-text autocomplete search that allows user-provided SQL syntax to be injected into SQL statements. Despite existing sanitization, this can be exploited to trigger...
Open-Xchange AppSuite SQL Injection Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. An SQL injection vulnerability exists in Open-Xchange AppSuite, which stems from an SQL injection vulnerability in the...
SUSE CVE-2012-3167
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search...
SUSE CVE-2013-3802
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search...
SUSE CVE-2014-0427
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS...
SUSE CVE-2016-0647
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS...
SUSE CVE-2016-0653
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS...
SUSE CVE-2018-20346
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL...
SUSE CVE-2018-20506
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...
SUSE CVE-2019-2801
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
SUSE CVE-2020-13632
ext/fts3/fts3snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo query...
Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...
mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...