220 matches found
Memory Disclosure
PostgreSQL is vulnerable to Memory Disclosure. The vulnerability is caused due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. This can lead to an attacker access sensitive information by exploiting certain aggregate function call...
Exploit for Incorrect Comparison in Dynamic-Linq Linq
Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
Vulnerability in core server (CVE-2023-5868)
Memory disclosure in aggregate function calls Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type...
postgresql-server -- Memory disclosure in aggregate function calls
PostgreSQL Project reports: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have...
FreeBSD : postgresql-server -- Memory disclosure in aggregate function calls (31f45d06-7f0e-11ee-94b4-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 31f45d06-7f0e-11ee-94b4-6cc21735f730 advisory. - Memory disclosure in aggregate function callsmore details CVE-2023-5868 Note that Nessus has not test...
PT-2023-35548 · Git +1 · Igraph
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including igraph strvector set len, igraph strvect...
Malicious code in aws-enumerate-iam (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 96d7eea455989a7a10bf2fafd9f9c4a2d5d9a4c2a3ec852e424885f3e51c5edb Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI. The malicious code was hidden in strategic...
AlmaLinux 9 : bind (ALSA-2023:5689)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5689 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the...
Ubuntu 16.04 ESM / 18.04 ESM : Bind vulnerability (USN-6421-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6421-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly...
Race condition on timeWeightedWeeklyGlobalConcLiquidityLastSet_ can lead to incorrect rewards.
Lines of code Vulnerability details Impact timeWeightedWeeklyGlobalConcLiquidityLastSet is read and written in multiple functions. If two transactions call at similar times, the state updates could overwrite each other. The timeWeightedWeeklyGlobalConcLiquidityLastSet state variable is used in...
Malicious code in aliababcloud-tea-openapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 644686188e6f43d2dc595074d7644cba060e6a91b8de18713f4b551a76a6c3b7 Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
InterchainProposalExecutor will fail if any proposal requires value transfer, breaking core logic
Lines of code Vulnerability details Impact Proposals which are sent from a source chain using InterchainProposalSender to a destination chain to be executed using InterchainProposalExecutor are intended to support function calls that include transfers of ETH, or other native token. However, the...
DEBIAN-CVE-2023-32200
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...
PT-2023-35520 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free WRITE 8 crash has been reported. The crash state includes function calls such as mk event timeout destroy, flb sched destroy, and f...
PT-2023-35832 · Git +1 · Liblouis
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which was identified through an OSS-Fuzz report. The crash state involves several functions, includi...
The minter can steal the Frankencoin in notifyLoss()
Lines of code Vulnerability details Impact The minter can steal the Frankencoin in notifyLoss because of In this code: if reserveLeft = amount transferaddressreserve, msg.sender, amount; The minter can call the function notifyLoss Constantly. When reserveLeft = amount, the minter who call the fir...
PT-2023-35741 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including iv put, mrb obj iv set force, and mrb vm...
PT-2023-35715 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a Segv on an unknown address. The crash state involves several function calls: mrb vm find method, mrb vm...