9 matches found
CLSA-2026-1779465604 postgresql: Fix of CVE-2026-6473
CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PGINT16MAX in tsheadline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...
EUVD-2014-1050
Malware in sbrugna...
PT-2023-20327 · Unknown · Reportportal
Name of the Vulnerable Software and Affected Versions: ReportPortal versions prior to 5.10.0 Description: The ReportPortal database becomes unstable and reporting almost fully stops when the test item.path field exceeds the allowable ltree field type indexing limit, which occurs when the path...
ReportPortal Security Vulnerabilities
ReportPortal is an open source, service-oriented, web-based platform from ReportPortal Open Source. A security vulnerability exists in ReportPortal versions prior to 5.10.0 that stems from the ReportPortal database becoming unstable when the testitem.path field exceeds the allowed indexing limit...
Cross-site Scripting (XSS)
pomm/pomm is susceptible to cross-site scripting XSS attacks. The attacks are possible because it does not escape the string in LTree converter fromPg function in Pomm/Converter/PgLTree.php...
SQL Injection
Pomm is vulnerable to SQL injections. The library does not escape user supplied strings in the LTree converter, allowing a malicious user to inject and execute arbitrary SQL queries...
Sql injection
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-100019
The vulnerability is in the Pomm library’s LTree converter, where SQL injection is possible in versions before 1.1.5. An attacker could remotely execute arbitrary SQL commands due to lack of escaping for user-supplied strings. Impact and affected components are described in multiple sources (e.g....
CVE-2014-100019
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...