Lucene search
+L

246 matches found

OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.16 views

Fedora: Security Advisory for lucene (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.22 views

[SECURITY] Fedora 40 Update: lucene-9.9.2-2.fc40

Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/10/31 2:29 a.m.2 views

SUSE CVE-2020-14804

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS6.5AI score0.01799EPSS
Exploits0References2
NVD
NVD
added 2023/08/02 1:15 p.m.18 views

CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...

9.8CVSS7AI score0.00683EPSS
Exploits0References4
Prion
Prion
added 2023/08/02 1:15 p.m.14 views

Sql injection

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...

7.5CVSS9.7AI score0.00683EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/08/02 12:23 p.m.28 views

CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...

5.5CVSS9.9AI score0.00683EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/02 12:0 a.m.6 views

PT-2023-20636 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a full-text autocomplete search that allows user-provided SQL syntax to be injected into SQL statements. Despite existing sanitization, this can be exploited to trigger...

9.8CVSS9.7AI score0.00683EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/02 12:0 a.m.4 views

Open-Xchange AppSuite SQL Injection Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. An SQL injection vulnerability exists in Open-Xchange AppSuite, which stems from an SQL injection vulnerability in the...

9.8CVSS7.8AI score0.00683EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.2 views

SUSE CVE-2012-3167

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search...

3.5CVSS5.6AI score0.02707EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.2 views

SUSE CVE-2013-3802

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search...

4CVSS5.9AI score0.03245EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.2 views

SUSE CVE-2014-0427

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS...

3.5CVSS6AI score0.02035EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.0 views

SUSE CVE-2016-0647

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS...

5.5CVSS8.2AI score0.01699EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.2 views

SUSE CVE-2016-0653

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS...

5.5CVSS6.7AI score0.00815EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-20346

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL...

7CVSS8.5AI score0.0986EPSS
Exploits1References44
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.5 views

SUSE CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...

7CVSS8.6AI score0.07565EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:18 a.m.5 views

SUSE CVE-2019-2801

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.7AI score0.02008EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-13632

ext/fts3/fts3snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo query...

4.3CVSS6.9AI score0.00571EPSS
Exploits0References80
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 11:29 p.m.38 views

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/25 9:10 a.m.12 views

mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7.3AI score0.02052EPSS
Exploits0References4
Snyk
Snyk
added 2022/10/19 6:23 a.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...

4.1CVSS7.6AI score
Exploits0References2
Rows per page
Query Builder