Lucene search
+L

266 matches found

Veracode
Veracode
added 2020/04/03 12:40 a.m.31 views

Information Disclosure

containers/image is vulnerable to information disclosure. The vulnerability exists as it reads entire image manifest into memory...

3.3CVSS1.5AI score0.00688EPSS
Exploits0References11Affected Software5
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.41 views

EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-1364)

According to the versions of the sqlite packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL...

7.5CVSS7.6AI score0.07856EPSS
Exploits1References11
Exploit DB
Exploit DB
added 2020/01/16 12:0 a.m.355 views

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation

Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...

8.8CVSS8.8AI score0.00643EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2020/01/09 10:5 p.m.33 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS7.4AI score0.03244EPSS
Exploits0References3
NVD
NVD
added 2020/01/03 10:15 p.m.26 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS7.8AI score0.03244EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/01/03 10:15 p.m.32 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS7.1AI score0.03244EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/01/03 10:15 p.m.58 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS2.9AI score0.03244EPSS
Exploits0
Cvelist
Cvelist
added 2020/01/03 9:37 p.m.33 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

8.4AI score0.03244EPSS
Exploits0References5
CVE
CVE
added 2020/01/03 9:37 p.m.334 views

CVE-2019-19959

CVE-2019-19959 affects SQLite 3.30.1. The issue occurs in ext/misc/zipfile.c when using INSERT INTO with embedded '\0' characters in filenames, causing a memory-management error (detectable by tools like valgrind). The Astra Linux security bulletin confirms the same SQLite 3.30.1 ZIP/file handlin...

7.5CVSS8.2AI score0.03244EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2020/01/03 9:37 p.m.34 views

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS7.7AI score0.03244EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/06 5:13 p.m.6 views

Mozilla: Unintended access to a privileged JSONView object

A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...

5.8CVSS7.2AI score0.00791EPSS
Exploits0References5
OSV
OSV
added 2019/10/21 11:15 p.m.21 views

CVE-2019-16404

Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...

8.8CVSS8.3AI score0.01075EPSS
Exploits1References1
Prion
Prion
added 2019/10/21 11:15 p.m.18 views

Sql injection

Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...

6.5CVSS8.9AI score0.01075EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/10/09 12:15 p.m.3 views

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

7.2CVSS7.2AI score0.02071EPSS
Exploits1References1
Debian
Debian
added 2019/06/17 11:42 p.m.213 views

[SECURITY] [DLA 1823-1] linux security update

Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...

9.8CVSS7.2AI score0.98745EPSS
Exploits6
OSV
OSV
added 2019/06/07 5:29 p.m.4 views

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

7.2CVSS6.1AI score0.0221EPSS
Exploits1References4
NVD
NVD
added 2019/01/11 5:29 a.m.25 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS7.6AI score0.01506EPSS
Exploits1References1
OSV
OSV
added 2019/01/11 5:29 a.m.5 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS7.4AI score0.01506EPSS
Exploits1References1
OSV
OSV
added 2018/11/30 6:29 p.m.3 views

CVE-2018-18983

VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file which is already in memory into another heap-based buffer, which may cause the program to crash or allow remote code execution...

8.8CVSS6AI score
Exploits0References2
0day.today
0day.today
added 2018/05/30 12:0 a.m.75 views

Dolibarr 7.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

0.1AI score0.71242EPSS
Exploits10
Rows per page
Query Builder