SUSE CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

SUSE CVE-2017-2518

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

SUSE CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...

SUSE CVE-2019-20394

A double-free is present in libyang before v1.0-r3 in the function yyparse when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

SUSE CVE-2020-6813

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox 74...

SUSE CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

SUSE CVE-2021-45956

Dnsmasq 2.86 has a heap-based buffer overflow in printmac called from logpacket and dhcpreply. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

SUSE CVE-2022-31624

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...

postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream. This could allow a user to create an unexpected file available to all users, which could end in unexpected...

postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setTextint, InputStream and PreparedStatemet.setByteaint, InputStream. This could allow a user to create an unexpected file available to all users, which could end in unexpected...

CVE-2023-0260

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Sql injection

The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Sql injection

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Sql injection

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Sql injection

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

Sql injection

The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Stored DOM-based Cross-site Scripting in Tags Functionality

Description A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps Step 1. Log in. Step 2. Proceed to create a new question. Populate the Title and Body input. Step 3. Click on the Add tag button, shown in the followi...

Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware

A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited...

SQL Statement Disclosure

Web applications usually rely on backend database servers to store persistent information like users, sessions or for example products of an e-commerce website. In some cases, these web applications may fail to properly handle potential errors raised when querying the database, displaying raw...

Oracle Linux 6 : hsqldb (ELSA-2023-12103)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12103 advisory. - Fix possible remote code execution vulnerability CVE-2022-41853Orabug: 34820687 - Backport patch, addressing CVE-2007-4576 Tenable has extracted the precedin...