Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2021-43444: GitHub - ONLYOFFICE/server: The backend server software layer which is the part of ONLYOFFICE Document Server and is the base for all other components

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.

CVE
#sql#web#windows#microsoft#linux#redis#nodejs#js#git#java#c++#postgres
RHSA-2023:0194: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-21835: OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) * CVE-2023-21843: OpenJDK: soundbank URL remote loading (Sound, 8293742)

CVE-2023-22884: Move local_infile option from extra to hook parameter by potiuk · Pull Request #28811 · apache/airflow

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2022-47015: MDEV-29644 a potential bug of null pointer dereference in spider_db_m… · MariaDB/server@be0a46b

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

CVE-2022-48120: in search.php has sql injection · Issue #32 · kishan0725/Hospital-Management-System

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.

CVE-2023-23492: Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

CVE-2023-23490: SQL Injection in Multiple WordPress Plugins

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

CVE-2023-23014: Possible XSS vulnerabilities · Issue #23 · ronknight/InventorySystem

Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.

CVE-2022-48152: SQL Injection in /medicines/profile.php via `id` parameter · Issue #20 · remoteclinic/RemoteClinic

SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.