24 matches found
EUVD-2026-26247
pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS...
Astra Linux - vulnerability in qtbase-opensource-src
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3...
CVE-2022-24862
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address wi...
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
CVE-2024-28936
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
Update Rollup 6 for System Center 2019 Orchestrator
Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System Cent...
Apache InLong code issue vulnerability
Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can explo...
CVE-2023-45825
CVEs and affected software: The issue affects ydb-go-sdk (Go native and database/sql driver for YDB) in versions from v3.48.6 up to v3.53.2. Root cause and impact: If a custom credentials object (implementing the Credentials interface) is logged via an error message, the object could be serialize...
SUSE-SU-2023:3225-1 Security update for qt6-base
This update for qt6-base fixes the following issues: - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate bsc1211994. - CVE-2023-33285: Fixed buffer overflow in QDnsLookup bsc1211642. - CVE-2023-32762: Fixed Qt Network...
SUSE-SU-2023:3207-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate bsc1211994. - CVE-2023-33285: Fixed buffer overflow in QDnsLookup bsc1211642. - CVE-2023-32762: Fixed Qt...
SUSE-SU-2023:2982-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS bsc1209616. - CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security HSTS header bsc1211797. - CVE-2023-32763: Fixed buffer overflow when rendering an SVG fil...
OESA-2023-1296 qt5-qtbase security update
This package provides base tools, such as string, xml, and network handling. Security Fixes: Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and...
Update Rollup 1 for System Center 2022 Orchestrator
Update Rollup 1 for System Center 2022 Orchestrator Applies to Microsoft System Center 2022 Orchestrator UR1. Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions fo...
PT-2021-17176 · Apache +1 · Apache Druid +1
Name of the Vulnerable Software and Affected Versions: Apache Druid versions prior to 0.20.2 Description: The issue allows an attacker to execute arbitrary code from a malicious MySQL server within Druid server processes due to certain properties in the MySQL JDBC driver. This functionality is...
Update Rollup 2 for System Center 2019 Orchestrator
Update Rollup 2 for System Center 2019 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed Map Published Data...
Update Rollup 1 for System Center Orchestrator 2019
Update Rollup 1 for System Center Orchestrator 2019 Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed Events pane of the...
DEBIAN-CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string...
Update Rollup 8 for System Center 2016 Orchestrator
Update Rollup 8 for System Center 2016 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Runbook performing SQ...
RHEL 6 : dovecot (RHSA-2019:2885)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2885 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and...
SQL Injection
Moodle is vulnerable to SQL injection attacks. The attacks exist because the application does not filter null bytes (\0 characters) in query strings, leading to SQL statements failing and causing an error in the Microsoft SQL driver. This can allow a malicious user to inject and execute SQL queries...