Security
Headlines

Tag

#sql

CVE-2020-13871: SQLite: Ticket Change Details

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

CVE-2020-13692

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

CVE-2020-10546: exploits/CVE-2020-10546.py at master · theguly/exploits

rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE-2020-10548: exploits/CVE-2020-10548.py at master · theguly/exploits

rConfig 3.9.4 and previous versions have an unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE-2020-10547: exploits/CVE-2020-10547.py at master · theguly/exploits

rConfig 3.9.4 and previous versions have an unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE-2020-10549: exploits/CVE-2020-10549.py at master · theguly/exploits

rConfig 3.9.4 and previous versions have an unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

CVE-2020-1963

Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem.

CVE-2020-13448: CVE-2020-13448 - QuickBox - Authenticated RCE/Privilege Escalation

QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.

CVE-2020-13632: 1080459 - chromium - An open-source project to help move the web forward.

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

CVE-2020-13434: SQLite: View Ticket

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.