BIT-MARIADB-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

BIT-GOLANG-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

[SECURITY] Fedora 38 Update: mingw-expat-2.6.0-1.fc38

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

The vulnerability of the Neshan Maps plugin of the WordPress content management system allows attackers to carry out attacks based on SQL injections.

The vulnerability of the Neshan Maps plugin of the WordPress content management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

[SECURITY] Fedora 38 Update: kernel-headers-6.7.3-100.fc38

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

CSZCMS 1.3.0 SQL Injection Vulnerability

Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the admin portal...

[SECURITY] Fedora 39 Update: redis-7.2.4-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

The vulnerability of the Tyk application programming interface, related to the lack of security measures for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the Tyk cloud firewall’s application programming interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

Vim Resource Management Error Vulnerability

Vim is a cross-platform text editor. A resource management error vulnerability exists in versions prior to Vim v9.0.2106, which stems from the fact that when a window is closed, vim may attempt to access a window structure that has been freed...

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the lack of protective measures for web page structures, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

The vulnerability of the dompdf library in the PDF Generator plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the dompdf library in the PDF Generator plugin of the WordPress content management system is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

The vulnerability of the Companion Sitemap Generator plugin for the WordPress content management system allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Companion Sitemap Generator plugin for the WordPress content management system is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

GLSA-202311-02 : Netatalk: Multiple Vulnerabilities including root remote code execution

The remote host is affected by the vulnerability described in GLSA-202311-02 Netatalk: Multiple Vulnerabilities including root remote code execution - This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager...

CVE-2023-46250 pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...

CVE-2023-46134 D-Tale vulnerable to Remote Code Execution through the Custom Filter Input

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...

The vulnerability of the Twittee Text Tweet Plugin of the WordPress content management system allows a hacker to carry out cross-site scripting attacks.

The vulnerability of the Twittee Text Tweet Plugin for WordPress content management system exists due to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the Jenkins Fortify Plugin relates to the lack of protective measures for website structures, allowing attackers to perform HTML injections.

The vulnerability of the Jenkins Fortify Plugin is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to perform HTML injection remotely...

kvm_utils3 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt 9.0.0-3.el8 - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' Peter Krempa Orabug: 35644221 CVE-2023-3750 - virpci: Resolve leak in virPCIVirtualFunctionList cleanup Tim Shearer Orabug: 35395469...

The vulnerability of the Nozomi Guardian detection and tracking tool for network activities, as well as the Nozomi Central Management Console (CMC) – a central management tool for security operations – stems from the lack of protective measures for the SQL query structure. This allows attackers to gain unauthorized access to protected information and execute arbitrary SQL queries.

The vulnerability of the Nozomi Guardian detection and tracking tool for network activities, as well as the Nozomi Central Management Console CMC, relates to the lack of protective measures taken against SQL query structures during parameter sorting. Exploiting this vulnerability could allow an...