Lucene search

73 matches found

OSV
added 2024/06/07 11:8 a.m., 4 views

OESA-2024-1690 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

CVSS 8.6, AI score 7.5, EPSS 0.01233
Exploits 0, References 2

Amazon
added 2024/05/30 12:0 a.m., 9 views

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

CVSS 8.6, AI score 7.6, EPSS 0.01316
Exploits 0

Vulnrichment
added 2024/05/14 10:3 a.m., 15 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

CVSS 6.5, AI score 6.5, EPSS 0.00423
Exploits 0, References 1

CVE
added 2024/05/14 10:3 a.m., 56 views

CVE-2024-33647

CVE-2024-33647 affects Polarion ALM: all versions before V2404.0. The Apache Lucene–based query engine lacks proper access controls, potentially allowing an authenticated user to query items beyond their allowed projects. Public details in connected sources confirm the vulnerability class as impr...

CVSS 6.5, AI score 6.3, EPSS 0.00423
Exploits 0, References 1

CNNVD
added 2024/05/14 12:0 a.m., 5 views

Siemens Polarion Access Control Error Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. Siemens Polarion ALM suffers from an Improper Access Control vulnerability due to a lack of proper access contr...

CVSS 6.5, AI score 6.6, EPSS 0.00423
Exploits 0, References 3

SUSE CVE
added 2024/05/04 2:22 a.m., 3 views

SUSE CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS 8.6, AI score 7.7, EPSS 0.01233
Exploits 0, References 4

Snyk
added 2024/05/03 1:42 a.m., 1 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the ComposeQueryEngine function within UriQuery.c, which occurs when processing long keys or values. An attacker can execute arbitrary code or cause a denial of service by exploiting this buffer overflow condition...

CVSS 8.6, AI score 8.1, EPSS 0.01233
Exploits 0, References 2

OSV
added 2024/05/03 1:15 a.m., 6 views

AZL-43227 CVE-2024-34402 affecting package uriparser for versions less than 0.9.8-3

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS 8.6, AI score 6.2, EPSS 0.01233
Exploits 0, References 1

OSV
added 2024/05/03 1:15 a.m., 5 views

AZL-43231 CVE-2024-34402 affecting package uriparser 0.9.7-2

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS 8.6, AI score 6.2, EPSS 0.01233
Exploits 0, References 1

OSV
added 2024/05/03 1:15 a.m., 4 views

UBUNTU-CVE-2024-34402

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...

CVSS 8.6, AI score 6.2, EPSS 0.01233
Exploits 0, References 5

OSV
added 2023/08/15 6:31 p.m., 1 views

GHSA-2XXC-73FV-36F7 llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8, AI score 6.2, EPSS 0.01233
Exploits 1, References 6

ATTACKERKB
added 2023/08/15 5:15 p.m., 4 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8, AI score 6.2, EPSS 0.01233
Exploits 1, References 2

PyPA
added 2023/08/15 5:15 p.m., 6 views

PYSEC-2023-148

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

CVSS 9.8, AI score 8.1, EPSS 0.01233
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2023/08/15 12:0 a.m., 6 views

PT-2023-27061

Name of the Vulnerable Software and Affected Versions: llama index versions 0.7.13 and earlier. Description: An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...

CVSS 9.8, AI score 6, EPSS 0.01233
Exploits 1, References 13

CNNVD
added 2023/08/15 12:0 a.m., 3 views

LlamaIndex Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...

CVSS 9.8, AI score 7.7, EPSS 0.01233
Exploits 1, References 2

VulnCheck KEV
added 2022/01/26 12:0 a.m., 4 views

VulnCheck KEV: CVE-2015-7465

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...

CVSS 8.8, AI score 7.4, EPSS 0.0055
Exploits 0, References 1

OSV
added 2021/05/19 7:15 p.m., 2 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVSS 6.5, AI score 6.6, EPSS 0.00704
Exploits 0, References 2

NVD
added 2021/05/19 7:15 p.m., 15 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

CVSS 6.5, EPSS 0.00704
Exploits 0, References 2

CVE
added 2021/05/19 6:37 p.m., 70 views

CVE-2021-31158

The CVE affects Couchbase Server 6.5.x and 6.6.x up to 6.6.1, where the Query Engine’s Common Table Expressions did not correctly enforce per-user permissions, allowing read access to resources beyond what a user is explicitly allowed. This impacts confidentiality (High) without integrity/availab...

CVSS 6.5, AI score 6.4, EPSS 0.00704
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/05/19 6:37 p.m., 21 views

CVE-2021-31158

In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access...

AI score 6.7, EPSS 0.00704
Exploits 0, References 2