lemon, sqlite security update

CentOS Errata and Security Advisory CESA-2015:1634 An updated sqlite package that fixes one security issue is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...

CVE-2014-8910

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement...

[SECURITY] Fedora 22 Update: drupal7-views_bulk_operations-3.3-1.fc22

This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...

IBM DB2 XML/XSLT Function File Read Vulnerability

IBM DB2 is a set of relational database management system developed by IBM in the United States, and its main operating environments are UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. IBM DB2 has a security vulnerability that allows...

PHP云人才系统最新版1处SQL注入(union select)

简要描述： PHP云人才系统最新版1处SQL注入union select，无需登陆，可取任意数据。 官网demo测试。 详细说明： 最新版全局过滤函数修改：config/db.safety.php 27 function gpc2sql$str,$str2 28 29 ifpregmatch"/select|insert|update|delete|union|loadfile|outfile/is", $str 30 31 exitsafepape; 32 33 34...

php: NULL pointer dereference in pgsql extension

A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pginsert or pgselect could cause a PHP application to crash...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1)

The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security and bugfixes. This update contains the following feature enablements : - The remote block device rbd and ceph drivers have been enabled and are now supported. FATE318350 These can be used e.g. for accessing the...

SQLite Denial of Service Vulnerability (CNVD-2015-02748)

SQLite is an open source C-based embedded relational database management system developed by American software developer D. Richard Hipp. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in the 'sqlite3VXPrintf' function in the...

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

Integer overflow

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

Design/Logic Flaw

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

UBUNTU-CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

FreeBSD : sqlite -- multiple vulnerabilities (dec3164f-3121-45ef-af18-bb113ac5082f)

NVD reports : SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, ...

Ember.js XSS Vulnerability With {{view "select"}} Options

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the select view means that any user-supplied data bound to an option's label will not be escaped correctly. In applicatio...

UBUNTU-CVE-2015-2206

libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...

SUSE-SU-2015:0529-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive various security and bugfixes. This update contains the following feature enablements: - The remote block device rbd and ceph drivers have been enabled and are now supported. FATE318350 These can be used e.g. for accessing the...