3076 matches found
CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...
CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...
CVE-2026-48232
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...
CVE-2026-48232
Open ISES Tickets prior to version 3.44.2 contains a SQL injection in ajax/fullsit_incidents.php where the offset parameter from GET is directly concatenated into the LIMIT clause without sanitization. Authenticated attackers can craft requests to alter query semantics, potentially reading, modif...
CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...
EUVD-2026-31314
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...
CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...
PT-2026-42510
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read,...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the offset GET parameters in the ajax/sitincidents.php file being directly concatenated...
PT-2026-42511
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, ...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the offset GET parameters in the ajax/fullsit-incidents.php file being directly...
Improper Validation of Specified Index, Position, or Offset in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...
CVE-2026-42959
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fixed the use of the pointer offset in errorstateread. This fix addresses the issue where, when there is no i915gpucoredump but the buf offset is non-zero, a kernel page fault may occur. This issue occurs when...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The hardcoded hdr2len parameter was replaced with the offsetof function in smb2calcmaxoutbuflen. After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", the management of response buffers was changed to use ...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: hfs: Fixed a buffer overflow issue in hfsbnoderead. This patch introduces the isbnodeoffsetvalid method, which checks the requested offset value. It also introduces the checkandcorrectrequestedlength method, which checks and...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: udplite: A NULL pointer dereference issue was fixed in skmemraiseallocated. syzbot reported a NULL pointer dereference in skgetrmem0 when using IPPROTOUDPLITE 0x88. 14:25:52, executing program 1: r0 = socket$inet60xa, 0x80002,...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdatatransfer If the dataoffset and datalength fields of the smbdirectdatatransfer structure are invalid, an out-of-bounds issue may occur. This patch validate...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: The hugepteoffset function currently returns a pointer to an PMD slot, even when the underlying entry points to an invalid invalidptetable indicating no mapping. Functions like smapshugetlbrange retrieve this invalid...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validation of doorbelloffset during user queue creation. The function amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without proper checking. An arbitrarily large...