55 matches found
EUVD-2015-0266
Malware in sbrugna...
EUVD-2022-5820
Malicious code in bioql PyPI...
EUVD-2022-25077
Malicious code in bioql PyPI...
pgx SQL Injection via Protocol Message Size Overflow
...
CVE-2023-52775
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
GHSA-X9VC-6HFV-HG8C Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Summary: The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-27304 pgx SQL Injection via Protocol Message Size Overflow
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. T...
GHSA-7JWH-3VRQ-Q3M8 pgproto3 SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v2.3.3...
pgproto3 SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v2.3.3...
pgx SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v4.18....
GHSA-MRWW-27VC-GGHV pgx SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v4.18....
CVE-2023-45887
DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message...
Rockwell Automation ThinManager ThinServer Denial of Service Vulnerability
Rockwell Automation ThinManager is thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A denial of service vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be exploit...
CVE-2023-2914 Rockwell Automation ThinManager ThinServer Software Vulnerable to Input Validation Vulnerability
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability: an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user...
SUSE CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related t...
SUSE CVE-2016-10326
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str function defined in osipparser2/osip_body.c, resulting in a remote DoS...