Lucene search
K

122 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-8930

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service infinite loop via an ISO with a directory that is a member of itself...

7.5CVSS6.8AI score0.04287EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.4 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
CNVD
CNVD
added 2021/08/17 12:0 a.m.11 views

Shopware has an unspecified vulnerability

Shopware is an open source e-commerce software.The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...

6.5CVSS3.2AI score0.00774EPSS
Exploits0References1
NVD
NVD
added 2020/12/29 6:15 p.m.19 views

CVE-2020-9093

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1C00E1R1P1. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privileg...

5.5CVSS5.4AI score0.00488EPSS
Exploits0References1
RustSec
RustSec
added 2020/05/07 12:0 p.m.8 views

`array!` macro is unsound in presence of traits that implement methods it calls internally

Affected versions of this crate called some methods using auto-ref. The affected code looked like this. rust let mut arr = $crate::core::mem::MaybeUninit::uninit; let mut vec = $crate::ArrayVec::::newarr.asmutptr as mut T; In this case, the problem is that asmutptr is a method of &mut MaybeUninit...

0.5AI score
Exploits0Affected Software1
Veracode
Veracode
added 2020/05/05 4:43 a.m.19 views

Unauthorized Access

libunwind.so is vulnerable to unauthorised access. The vulnerability exists because it uses invalid dwarf opcodesDWOPbregXX in the dwarftounwregnum function in include/dwarfi.h, causing off-by-one error referencing beyond the end of the array...

3.3CVSS3.8AI score0.00498EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2020/03/19 12:0 p.m.55 views

RUSTSEC-2020-0005 CBox API allows to de-reference raw pointers without `unsafe` code

CBox and CSemiBox are part of the public API of the cbox crate and they allow to create smart pointers from raw pointers and de-reference them without the need of unsafe code...

9.8CVSS9.4AI score0.01629EPSS
Exploits1References3
OSV
OSV
added 2020/01/14 5:15 p.m.2 views

DEBIAN-CVE-2015-2326

The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...

5.5CVSS6.8AI score0.01592EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/14 4:46 p.m.24 views

CVE-2015-2326

The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...

6.4AI score0.01592EPSS
Exploits1References4
MariaDBUnix
MariaDBUnix
added 2020/01/14 4:46 p.m.41 views

CVE-2015-2326

Disclaimer: This data contains information about vulnerable...

5.5CVSS7AI score0.01592EPSS
Exploits1
Debian CVE
Debian CVE
added 2020/01/14 4:46 p.m.39 views

CVE-2015-2326

The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...

5.5CVSS7.5AI score0.01592EPSS
Exploits1
CNVD
CNVD
added 2019/12/10 12:0 a.m.5 views

SQLite Infinite Recursion Vulnerability

SQLite is a self-contained, serverless, zero-configuration, transactional SQL database engine. An infinite recursion vulnerability exists in alter.c in SQLite 3.30.1 and earlier versions, which can be exploited by an attacker to trigger infinite recursion via certain types of self-referencing vie...

5.5CVSS8.8AI score0.00566EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/11/14 12:0 a.m.50 views

PostgreSQL 9.3.x < 9.3.25 / 9.4.x < 9.4.20 / 9.5.x < 9.5.15 / 9.6.x < 9.6.11 / 10.x < 10.6 / 11.x < 11.1 SQL injection

The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.25, 9.4.x prior to 9.4.20, 9.5.x prior to 9.5.15, 9.6.x prior to 9.6.11, 10.x prior to 10.6, or 11.x prior to 11.1. It is, therefore, affected by following vulnerability: - An SQL injection SQLi vulnerability exists in...

9.8CVSS8.3AI score0.0515EPSS
Exploits0References8
Prion
Prion
added 2018/11/13 3:29 p.m.29 views

Sql injection

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

7.5CVSS9.6AI score0.0515EPSS
Exploits0References7Affected Software3
CVE
CVE
added 2018/11/13 3:0 p.m.300 views

CVE-2018-16850

CVE-2018-16850 affects PostgreSQL before versions 11.1 and 10.6, vulnerable to an SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. A specially crafted trigger definition can allow an attacker to execute arbitrary SQL statements with superuser privileges. The vulnerabili...

9.8CVSS9.5AI score0.0515EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2018/11/13 3:0 p.m.35 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

8CVSS9.6AI score0.0515EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2018/11/13 3:0 p.m.71 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8CVSS9.8AI score0.0515EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/09 12:0 a.m.37 views

FreeBSD : PostgreSQL -- SQL injection in pg_upgrade and pg_dump (1c27a706-e3aa-11e8-b77a-6cc21735f730)

The PostgreSQL project reports : CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during ...

9.8CVSS7.9AI score0.0515EPSS
Exploits0References3
OSV
OSV
added 2018/11/08 12:0 a.m.4 views

UBUNTU-CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8CVSS7.4AI score0.0515EPSS
Exploits0References4
Hacker One
Hacker One
added 2018/02/16 8:24 a.m.21 views

Semrush: Ad Builder Display Ads Path Traversal

Summary: The Semrush Ad Builder for Display Ads is vulnerable to path traversal when extracting zip files and referencing images from the embedded data.csv file. Description: The Semrush Ad Builder for Display Ads allows users to import Display Ads from an uploaded zip file. The backend...

7AI score
Exploits0
Rows per page
Query Builder