Tag

#sql

Update now! VMWare patches critical vulnerabilities in several products

In a critical security advisory VMWare patches multiple RCE and EoP vulnerabilities in several affected products. The post Update now! VMWare patches critical vulnerabilities in several products appeared first on Malwarebytes Labs.

Malwarebytes
#sql #vulnerability #java #rce #vmware #auth
CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8) affect the VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager

CVE-2022-34968: [PS-8294] Server crashed at function fetch_step(que_thr_t*)

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.

CVE-2022-34967: ODBC Driver Assertion `stmt->Dbc->FirstStmt' Failed · Issue #7306 · MonetDB/MonetDB

The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13.

CVE-2022-34928: jfinal_ CMS 5.1.0 SQL injection · Issue #43 · jflyfox/jfinal_cms

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.

CVE-2022-29807: Quest response to KACE SMA vulnerabilities: CVE-2022-29807 (338162)

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.

CVE-2022-34625: CWE-94: Improper Control of Generation of Code ('Code Injection') (4.8)

Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.