122 matches found
SUSE CVE-2015-8930
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service infinite loop via an ISO with a directory that is a member of itself...
jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...
Shopware has an unspecified vulnerability
Shopware is an open source e-commerce software.The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
CVE-2020-9093
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1C00E1R1P1. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privileg...
`array!` macro is unsound in presence of traits that implement methods it calls internally
Affected versions of this crate called some methods using auto-ref. The affected code looked like this. rust let mut arr = $crate::core::mem::MaybeUninit::uninit; let mut vec = $crate::ArrayVec::::newarr.asmutptr as mut T; In this case, the problem is that asmutptr is a method of &mut MaybeUninit...
Unauthorized Access
libunwind.so is vulnerable to unauthorised access. The vulnerability exists because it uses invalid dwarf opcodesDWOPbregXX in the dwarftounwregnum function in include/dwarfi.h, causing off-by-one error referencing beyond the end of the array...
RUSTSEC-2020-0005 CBox API allows to de-reference raw pointers without `unsafe` code
CBox and CSemiBox are part of the public API of the cbox crate and they allow to create smart pointers from raw pointers and de-reference them without the need of unsafe code...
DEBIAN-CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
CVE-2015-2326
Disclaimer: This data contains information about vulnerable...
CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
SQLite Infinite Recursion Vulnerability
SQLite is a self-contained, serverless, zero-configuration, transactional SQL database engine. An infinite recursion vulnerability exists in alter.c in SQLite 3.30.1 and earlier versions, which can be exploited by an attacker to trigger infinite recursion via certain types of self-referencing vie...
PostgreSQL 9.3.x < 9.3.25 / 9.4.x < 9.4.20 / 9.5.x < 9.5.15 / 9.6.x < 9.6.11 / 10.x < 10.6 / 11.x < 11.1 SQL injection
The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.25, 9.4.x prior to 9.4.20, 9.5.x prior to 9.5.15, 9.6.x prior to 9.6.11, 10.x prior to 10.6, or 11.x prior to 11.1. It is, therefore, affected by following vulnerability: - An SQL injection SQLi vulnerability exists in...
Sql injection
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
CVE-2018-16850 affects PostgreSQL before versions 11.1 and 10.6, vulnerable to an SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. A specially crafted trigger definition can allow an attacker to execute arbitrary SQL statements with superuser privileges. The vulnerabili...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
FreeBSD : PostgreSQL -- SQL injection in pg_upgrade and pg_dump (1c27a706-e3aa-11e8-b77a-6cc21735f730)
The PostgreSQL project reports : CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during ...
UBUNTU-CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
Semrush: Ad Builder Display Ads Path Traversal
Summary: The Semrush Ad Builder for Display Ads is vulnerable to path traversal when extracting zip files and referencing images from the embedded data.csv file. Description: The Semrush Ad Builder for Display Ads allows users to import Display Ads from an uploaded zip file. The backend...