Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a...

EUVD-2019-20117

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25696

Kados R10 GreenBee contains an SQL injection vulnerability exploitable via the language_tag parameter. The root cause is unsafe SQL construction that allows attackers to inject SQL statements into queries, enabling extraction of sensitive database information and potential data modification. Affe...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25696

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

PT-2026-30500

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language tag parameter. Attackers can submit malicious SQL statements in the language tag parameter to extract sensitive database information or modify...

EUVD-2022-7707

Malicious code in bioql PyPI...

CVE-2022-20473

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

Linux Distros Unpatched Vulnerability : CVE-2021-38561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is...

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input this can be used as a vector for a denial-of-service attack.

...

RHEL 8 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: out-of-bounds read in golang.org/x/text/language leads to DoS CVE-2021-38561 Note that Nessus has not teste...

Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary Multiple vulnerabilities in the go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These vulnerabilities are fixed. Vulnerability Details CVEID:CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509...

golang: out-of-bounds read in golang.org/x/text/language leads to DoS

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of...

QuickEntity Editor 跨站脚本漏洞

QuickEntity Editor is a QuickEntity Editor by atampy25 Personal Developer. A cross-site scripting vulnerability exists in QuickEntity Editor that stems from an uncleaned HTML tag in an entity name...

SUSE CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

golang: out-of-bounds read in golang.org/x/text/language leads to DoS

A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of...

CVE-2021-38561

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

AZL-44952 CVE-2021-38561 affecting package buildah for versions less than 1.41.4-2

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

Out-of-bounds Read

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...