181 matches found
Unspecified Vulnerability in Blackbeam Rust-marc
Blackbeam Rust-marc is a codebase for the Rust language from Blackbeam's individual developers to interact with mrc format files. A security vulnerability exists in Blackbeam Rust-marc versions prior to 2.0.0, which stems from a user-supplied read implementation that can access the old contents o...
CVE-2021-26308
The CVE concerns the marc crate for Rust, affecting versions before 2.0.0. Affected code path is within the user-provided Read implementation (Record::read()), which could expose the old contents of newly allocated memory due to an uninitialized buffer being exposed to callers. This memory exposu...
CVE-2021-26308
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness...
Blackbeam Rust-marc 安全漏洞
Blackbeam Rust-marc is a codebase for the Rust language from Blackbeam's individual developers to interact with mrc format files. A security vulnerability exists in Blackbeam Rust-marc versions prior to 2.0.0, which stems from a user-supplied read implementation that can access the old contents o...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-4665-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4665-1 advisory. Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sen...
WordPress <= 5.5.1 - Cross-Site Scripting (XSS) via Global Variables vulnerability
Cross-Site Scripting XSS via Global Variables vulnerability found by Marc Montas in WordPress versions = 5.5.1. Solution Update the WordPress to the latest available version at least 5.5.2...
marc-pain.de Cross Site Scripting vulnerability OBB-1348284
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
marc-wesseling.de Cross Site Scripting vulnerability OBB-1342378
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
USN-4466-1: curl vulnerability
Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information...
marc-pain.de Cross Site Scripting vulnerability OBB-1203551
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
marc.gale.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1178891 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?
Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he w...
CVE-2014-1924
The MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors...
CVE-2014-1925
SQL injection vulnerability in the MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE:...
Sql injection
The MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors...
Sql injection
SQL injection vulnerability in the MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE:...
CVE-2014-1925
Koha CVE-2014-1925 affects the MARC framework import/export function (admin/import_export_framework.pl). Affected versions include Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3. Description: an SQL injection vulnerability allows remote authenticated us...
CVE-2014-1924
The MARC framework import/export function admin/importexportframework.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors...
CVE-2014-1924
The CVE-2014-1924 entry affects Koha’s MARC framework import/export function (admin/import_export_framework.pl). The vulnerability occurs in Koha versions before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3, where the import/export interface does not require auth...
CVE-2019-19698
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wavcontentread at libwav.c...