#sql

An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.

PHP Melody version 3.0 suffers from a remote SQL injection vulnerability.

PHP Melody version 3.0 suffers from multiple cross site scripting vulnerabilities.

SPA Cart CMS version 2021 suffers from a remote SQL injection vulnerability.

Ubuntu Security Notice 5122-2 - USN-5122-1 fixed a vulnerability in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. On Ubuntu 16.04 ESM This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. On Ubuntu 14.04 ESM, core file generation has been disabled by default. Various other issues were also addressed.

Red Hat Security Advisory 2021-3987-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.

Whitepaper called Analyzing Java Heap Dumps.

Ubuntu Security Notice 5124-1 - It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. Various other issues were also addressed.