21 matches found
CVE-2023-45820
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...
EUVD-2023-2748
Malicious code in bioql PyPI...
EUVD-2022-31882
Malicious code in bioql PyPI...
BIT-MARIADB-MIN-2022-27379
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
CVE-2024-28115
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
CVE-2024-28115 Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...
Tenable Nessus < 10.6.2 Multiple Vulnerabilities (TNS-2023-37)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-37 advisory. - Nessus leverages third-party software to help provide underlying functionality...
Code injection
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...
CVE-2023-45820 Directus crashes on invalid WebSocket message
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...
MariaDB SQL Injection Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6.2 and lower that allows an attacker to cause a denial of service (DoS) via a speciall...
GitLab 9.2.x - 10.4.6, 10.5.x - 10.5.6, 10.6.x - 10.6.2 XSS Vulnerability
GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY...
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY...
Cisco Connected Mobile Experiences (CMX) Access Control Error Vulnerability
Cisco Connected Mobile Experiences (CMX) is an intelligent Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics to consumers' mobile devices. A user enumeration vulnerability exists in API authorization for Cisco Connected Mobile Experiences...
Cisco Connected Mobile Experiences Elevation of Privilege Vulnerability
Cisco Connected Mobile Experiences (CMX) is an intelligent Wi-Fi solution that uses the Cisco wireless infrastructure to provide location services and location analytics to consumers' mobile devices. An elevation of privilege vulnerability exists in Cisco Connected Mobile Experiences 10.6.0, 10.6.1...
Symantec Messaging Gateway Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Symantec Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of Symantec Messagi...
Symantec Messaging Gateway Directory Traversal Vulnerability
Symantec Messaging Gateway is a spam filter that combines anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A directory traversal vulnerability exists in Symantec Messaging Gateway version 10.6.2. An attacker can leverage the directory...
Symantec Messaging Gateway Decomposer Engine Security Update (SYM16-015)
Symantec has released an update to address two issues in the RAR file parser component of the antivirus decomposer engine used by multiple Symantec products. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...