1081 matches found
Vulnerability of the Windows OLE operating system component, allowing a hacker to execute arbitrary code
The vulnerability of the Windows OLE operating system is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2024-27289
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...
DEBIAN-CVE-2024-27289
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...
CVE-2024-27289
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...
CVE-2024-27289 pgx SQL Injection via Line Comment Creation
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...
GHSA-M7WR-2XF7-CM9P pgx SQL Injection via Line Comment Creation
Impact SQL injection can occur when all of the following conditions are met: 1. The non-default simple protocol is used. 2. A placeholder for a numeric value must be immediately preceded by a minus. 3. There must be a second placeholder for a string value after the first placeholder; both must be...
Cross Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to the sequential and numeric nature of event IDs via /ccm/calendar/dialogs/event/delete/submit endpoint, allowing an attacker to manipulate an admin into unintentionally deleting events on the site...
GHSA-3RXX-8F33-7P6P Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery CSRF via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...
CVE-2023-48653
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery CSRF via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...
AlmaLinux 8 : firefox (ALSA-2024:0955)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...
AlmaLinux 9 : firefox (ALSA-2024:0952)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...
Oracle Linux 8 : firefox (ELSA-2024-0955)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. 115.8.0-1.0.1 - Update to 115.8.0 build 1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Oracle Linux 9 : thunderbird (ELSA-2024-0963)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...
Mozilla: Incorrect code generation on 32-bit ARM devices
The Mozilla Foundation Security Advisory describes this flaw as: Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices...