18 matches found
CVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53006
DataEase before version 2.10.11 is vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...
CVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
CVE-2025-53004
DataEase (open source BI tool) prior to version 2.10.11 is affected by a bypass vulnerability in the Redshift Data Source JDBC Connection Parameters. The issue is triggered by the sslfactory and sslfactoryarg parameters, allowing bypass of security controls. A fix is available in version 2.10.11,...
PT-2025-27411 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11. Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and...
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...
Pidgin MXIT get_utf8_string Code Execution Vulnerability(CVE-2016-2378)
DESCRIPTION: A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negativ...
Pidgin MXIT Extended Profiles Code Execution Vulnerability(CVE-2016-2371)
DESCRIPTION: An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. CVSSv3 SCORE: 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). TESTED VERSIONS: Pidgin...
Scientific Linux Security Update : pidgin on SL7.x x86_64 (20170801)
The following packages have been upgraded to a later upstream version: pidgin 2.10.11. Security Fixes: A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgi...
Pidgin MXIT Protocol Directory Traversal Vulnerability
Pidgin is a cross-platform real-time communication client. A directory traversal vulnerability exists in the MXIT protocol handling of Pidgin version 2.10.11, which can be exploited by an attacker to overwrite a file by providing an invalid boot image name...
Pidgin MXIT Protocol Denial of Service Vulnerability (CNVD-2016-04335)
Pidgin is a cross-platform real-time communication client. A denial-of-service vulnerability exists in the MXIT protocol processing in Pidgin version 2.10.11, which can be exploited by an attacker to cause a denial of service (out-of-bounds read) by sending invalid data...
Pidgin MXIT Protocol Memory Corruption Vulnerability (CNVD-2016-04333)
Pidgin is a cross-platform real-time communication client. A memory corruption vulnerability exists in the MXIT protocol processing in Pidgin version 2.10.11, which can be exploited by an attacker to cause a buffer overflow, execute arbitrary code, or cause a memory leak by sending specially...
Pidgin MXIT Protocol Denial of Service Vulnerability (CNVD-2016-04336)
Pidgin is a cross-platform real-time communication client. A denial of service vulnerability exists in the MXIT protocol processing in Pidgin version 2.10.11, which can be exploited by an attacker to cause a denial of service (null pointer dereference) by sending packets starting with a null byte...
Pidgin MXIT Protocol Denial of Service Vulnerability (CNVD-2016-04337)
Pidgin is a cross-platform real-time communication client. A denial-of-service vulnerability exists in the MXIT protocol processing in Pidgin version 2.10.11, which can be exploited by an attacker to cause a denial of service (out-of-bounds read) by sending invalid data...
Pidgin MXIT Protocol Denial of Service Vulnerability
Pidgin is a cross-platform real-time communication client that supports several commonly used real-time communication protocols and allows users to log into different real-time communication services with the same software. A denial of service vulnerability exists in the MXIT protocol processing ...
Zope XSS Vulnerability (Jan 2010)
Zope is prone to a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...