Lucene search
K

25 matches found

RedHat Linux
RedHat Linux
added 5 days ago4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago6 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2026-1875)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1875 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

7.5CVSS6AI score0.00904EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3383 (ALAS-2026-3383)

The version of golang installed on the remote host is prior to 1.25.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3383 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...

7.5CVSS6.3AI score0.00904EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : golang-github-burntsushi-toml, golang-github-burntsushi-toml-devel (ALAS2023-2026-1877)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1877 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

7.5CVSS6.2AI score0.00904EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/12 6:16 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via mysqlrealescapestring when used with the text protocol and the Big5 character set. An attacker can execute arbitrary SQL queries by supplying specially crafted input that bypasses escaping performed by...

9.8CVSS6.2AI score0.00419EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:16 p.m.9 views

ALPINE-CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS5.5AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 6:16 p.m.14 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS0.00419EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/12 5:34 p.m.7 views

EUVD-2026-36517

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

6.9CVSS5.5AI score0.00419EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/11/17 12:0 a.m.5 views

Mageia: Security Advisory (MGASA-2025-0298)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS6.8AI score0.00361EPSS
Exploits0References5
OSV
OSV
added 2025/11/06 12:58 p.m.4 views

BIT-GOLANG-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS6.9AI score0.00526EPSS
Exploits0References6
Mageia
Mageia
added 2025/11/04 4:13 p.m.17 views

Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5CVSS6.8AI score0.00626EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/04 6:51 a.m.2 views

Excessive resource consumption in net/http, net/textproto and mime/multipart

...

7.5CVSS9.3AI score0.01479EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/12/18 12:0 a.m.41 views

GLSA-202212-01 : curl: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202212-01 curl: Multiple Vulnerabilities - When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the...

9.8CVSS7.5AI score0.3197EPSS
Exploits23References33
OSV
OSV
added 2021/08/05 9:15 p.m.5 views

ALPINE-CVE-2021-22925

curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...

5.3CVSS7AI score0.04929EPSS
Exploits1References1
OSV
OSV
added 2021/06/11 4:15 p.m.31 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

3.1CVSS6.6AI score0.04385EPSS
Exploits1References14
OSV
OSV
added 2021/05/26 8:0 a.m.10 views

CURL-CVE-2021-22898 TELNET stack contents disclosure

curl supports the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack bas...

3.1CVSS5.1AI score0.04385EPSS
Exploits1
curl security advisories
curl security advisories
added 2021/05/26 8:0 a.m.8 views

TELNET stack contents disclosure

curl supports the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack bas...

3.1CVSS6.8AI score0.04385EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2019/07/03 4:15 p.m.7 views

CVE-2018-11421

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to...

9.8CVSS5.8AI score0.00906EPSS
Exploits0References1
Rows per page
Query Builder