
Tag

#perl

CVE-2021-46664: [MDEV-25761] Assertion `aggr != __null' failed in sub_select_postjoin_aggr

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

CVE-2021-46661: [MDEV-25766] Unused CTE lead to a crash in find_field_in_tables/find_order_in_list

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

CVE-2021-46668: [MDEV-25787] Bug report: crash on SELECT DISTINCT thousands_blob_fields

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

CVE-2022-24130: XTERM - Change Log

xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

CVE-2021-40412

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, which holds the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection.

CVE-2022-23098: connman/connman.git - Connection Manager

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

CVE-2022-23858: CVE-2022-23858 REST API vulnerability in StarWind products

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.

CVE-2022-21658: [stable] Fix CVE 2022 21658 and prepare 1.58.1 by pietroalbini · Pull Request #93110 · rust-lang/rust

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affect...

CVE-2021-23225: The Complete RRDTool-based Graphing Solution

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.