2292 matches found
SUSE CVE-2014-2406
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges...
SUSE CVE-2014-7207
A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap devic...
SUSE CVE-2015-3416
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecifie...
SUSE CVE-2016-9076
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...
SUSE CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead...
SUSE CVE-2018-17846
The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...
SUSE CVE-2019-5759
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...
SUSE CVE-2019-14900
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access...
SUSE CVE-2020-4031
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2...
SUSE CVE-2020-6798
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
SUSE CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...
SUSE CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. A...
SUSE CVE-2021-3930
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...
SUSE CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...
SUSE CVE-2021-29961
When styling and rendering an oversized <select> element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox 89...
SUSE CVE-2021-46663
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements...
SUSE CVE-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...
SUSE CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
SUSE CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...
PT-2023-10229 · Unknown · Brandonfire Mirna Database By Php Mysql
Name of the Vulnerable Software and Affected Versions: brandonfire miRNA Database by PHP MySql (affected versions not specified). Description: A critical vulnerability has been found in the software, affecting the construct/select single rna/count rna function of the file inc/model.php. This...