Important: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CentOS: Security Advisory for lemon (CESA-2020:0227)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Important: Red Hat Security Advisory: sqlite security update

An update for sqlite is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

[SECURITY] Fedora 31 Update: community-mysql-8.0.19-1.fc31

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Command Execution Vulnerability in the Background of Wild Rain Novel CMS

Wild Rain Novel cms is a lightweight novel website solution based on ThinkPHP 5.1+MySQL technology. Rainy Novel cms backend has a command execution vulnerability, attackers can use the vulnerability to execute malicious code...

nodeCrypto v2.0 - Ransomware Written In NodeJs

nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files. This project was created for educational purposes, you are the sole responsible for the use of nodeCrypto. Demo video Install server Upload all file of server/ folder on your webserver. Create a sql database and impo...

[SECURITY] Fedora 31 Update: community-mysql-8.0.18-4.fc31

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

[SECURITY] Fedora 30 Update: community-mysql-8.0.18-4.fc30

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Sql injection

A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicio...

[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Design/Logic Flaw

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

CVE-2019-17503

CVE-2019-17503 affects Kirona Dynamic Resource Scheduler (DRS) 5.5.3.5. An unauthenticated user can directly access /osm/REGISTER.cmd (/osm_tiles/REGISTER.cmd), which contains SQL queries that disclose database information (version, table names, column names, etc.). Multiple sources (NVD, Red Hat...

[SECURITY] Fedora 31 Update: sphinx-2.2.11-13.fc31

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...

Directory Traversal Vulnerability in RGCMS

RuiGu information management system RGCMS is a set of open source building management system, using PHP language, written in the framework of Thinkphp5.1.+, the database using MYSQL database. RGCMS has a directory traversal vulnerability that can be exploited by an attacker to view the list of...

[SECURITY] Fedora 29 Update: sphinx-2.2.11-12.fc29

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...

AZL-38191 CVE-2019-16168 affecting package ceph for versions less than 18.2.1-1

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...

mariadb security update

CentOS Errata and Security Advisory CESA-2019:2327 An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SQLite: Multiple vulnerabilities

Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact A remote attacker could, by executing arbitrary SQL statements against a vulnerable...

USN-4090-1: PostgreSQL vulnerabilities

Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. CVE-2019-10208 Andreas Seltenreich discovered that PostgreSQL did not properly handle user-define...