8 matches found
postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features resulting in loss of confidentiality integrity and availability...
CVE-2024-49766 Werkzeug safe_join not safe on Windows
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
CVE-2023-5368
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to re...
CVE-2023-37487
SAP Business One Service Layer - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application...
CURL-CVE-2015-3237 SMB send off unrelated memory contents
libcurl can get tricked by a malicious SMB server to send off data it did not intend to. In libcurl's state machine function handling the SMB protocol smbrequeststate, two length and offset values are extracted from data that has arrived over the network, and those values are subsequently used to...
GLSA-200705-20 : Blackdown Java: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200705-20 Blackdown Java: Applet privilege escalation Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an...
Blackdown Java: Applet privilege escalation
Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...
GLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200702-08 AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin ha...