3357 matches found
UBUNTU-CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...
mariadb: incorrect key in "dup value" error after long unique
A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mymbwclatin1 at /strings/ctype-latin1.c, affecting availability...
mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...
Fortinet FortiGate和Fortinet FortiOS 格式化字符串错误漏洞
Fortinet FortiOS and Fortinet FortiGate are both products of the U.S. Fiat Fortinet Inc. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and...
CVE-2022-31177 Possible to infer sensitive information through query strings in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The...
Information Disclosure
Flask-AppBuilder is vulnerable to information disclosure. The vulnerability exists due to the HTTP response indicating the hashed passwords insecurely, allowing attackers to infer the partial password hashes through the malicious query strings...
Fedora: Security Advisory for golang-github-mgutz-ansi (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-nicksnyder-i18n-2-2.1.2-6.fc36
go-i18n is a Go package and a command that helps you translate Go programs in to multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository CLDR. - Code and tests are automatically generated from CLDR data. - Supports strings with named...
[SECURITY] Fedora 36 Update: golang-github-mgutz-ansi-0-0.14.20200729gitd51e80e.fc36
Package Ansi is a small, fast library to create ANSI colored strings and code s...
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Impact An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes...
The vulnerability of the sdp_media_set_lattr() function in the Wire Secure Messenger application, related to the use of uncontrolled format strings, allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the sdpmediasetlattr function in the Wire Secure Messenger messaging application is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...
mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...
Cesanta MJS 代码问题漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...
[SECURITY] Fedora 35 Update: golang-github-nicksnyder-i18n-2-2.1.2-5.fc35
go-i18n is a Go package and a command that helps you translate Go programs in to multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository CLDR. - Code and tests are automatically generated from CLDR data. - Supports strings with named...
[SECURITY] Fedora 35 Update: golang-github-mgutz-ansi-0-0.13.20200729gitd51e80e.fc35
Package Ansi is a small, fast library to create ANSI colored strings and code s...
[SECURITY] Fedora 35 Update: golang-contrib-opencensus-resource-0.1.2-7.fc35
Go packages for auto discovery of resource information in various environment s. The resourcekeys packages defines well-known type and label key strings that are used by the other packages...
PT-2022-28158 · Unknown · Opentelemetry-Go Contrib
Name of the Vulnerable Software and Affected Versions: opentelemetry-go-contrib versions 0.38.0 through 0.38.0 Description: The issue concerns a denial-of-service attack due to memory allocation increase when handling requests with constantly random query strings. The httpconv.ServerRequest...
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software, related to the use of uncontrolled format strings, allows a hacker to execute arbitrary code.
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Moment.js 资源管理错误漏洞
Moment.js is a JavaScript date library. It is used to parse, validate, manipulate and format dates. Moment.js has a security vulnerability that stems from the use of an inefficient parsing algorithm. Users passing user-supplied strings to the moment constructor without sound length checking are...
[SECURITY] Fedora 36 Update: golang-contrib-opencensus-resource-0.1.2-7.fc36
Go packages for auto discovery of resource information in various environment s. The resourcekeys packages defines well-known type and label key strings that are used by the other packages...