Dbd::pg Security Vulnerabilities

openbugbounty

pg-leonardo.cz Cross Site Scripting vulnerability OBB-3012339

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score

2022-10-22 07:06 PM
7
packetstorm

-0.3 AI Score

2022-10-17 12:00 AM
194
nessus

Siemens Industrial PCs and CNC devices Improper Privilege Management (CVE-2020-8745)

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via...

6.8 CVSS

7.5 AI Score

0.001 EPSS

2022-10-14 12:00 AM
8
thn

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the...

9.8 CVSS

1.2 AI Score

0.009 EPSS

2022-10-12 10:41 AM
158
nvd

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

7.8 CVSS

0.0004 EPSS

2022-10-11 11:15 AM
cve

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

9.3 CVSS

8 AI Score

0.0004 EPSS

2022-10-11 11:15 AM
50
9
prion

Code injection

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2022-10-11 11:15 AM
2
cvelist

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

9.3 CVSS

9.3 AI Score

0.0004 EPSS

2022-10-11 12:00 AM
wpvulndb

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. PoC: https://example.com/top-user-rated-listings?listview=2&q;%22%3e%3cscript%3ealert(1)%3c%2fscript%3e=1...

0.2 AI Score

2022-10-10 12:00 AM
7
packetstorm

0.1 AI Score

2022-10-10 12:00 AM
186
nessus

AlmaLinux 8 : ruby:2.7 (ALSA-2022:6447)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6447 advisory. Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are...

7.5 CVSS

8.4 AI Score

0.004 EPSS

2022-10-08 12:00 AM
10
cve

CVE-2009-2882

Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to...

5.9 AI Score

0.022 EPSS

2022-10-03 04:24 PM
21
cve

CVE-2017-14944

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-10-03 04:23 PM
20
cvelist

CVE-2005-2853

Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by...

5.7 AI Score

0.002 EPSS

2022-10-03 04:22 PM
cvelist

CVE-2010-4360

Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from...

8.1 AI Score

0.003 EPSS

2022-10-03 04:21 PM
cve

CVE-2010-4360

Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from...

8.3 AI Score

0.003 EPSS

2022-10-03 04:21 PM
18
cvelist

CVE-2013-5216

Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified...

6.6 AI Score

0.004 EPSS

2022-10-03 04:14 PM
packetstorm

0.1 AI Score

2022-10-01 12:00 AM
176
nessus

EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2022-2384)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general...

8.2 CVSS

8.2 AI Score

0.006 EPSS

2022-09-23 12:00 AM
10
suse

Security update for the Linux Kernel (important)

An update that solves 23 vulnerabilities, contains 5 features and has 88 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that was...

7.8 CVSS

-0.4 AI Score

EPSS

2022-09-16 12:00 AM
45
suse

Security update for the Linux Kernel (important)

An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that...

7.8 CVSS

-0.3 AI Score

EPSS

2022-09-16 12:00 AM
32
oraclelinux

ruby:3.0 security, bug fix, and enhancement update

ruby [3.0.4-141] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109431 Resolves: rhbz#2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves:...

9.8 CVSS

2.5 AI Score

0.004 EPSS

2022-09-15 12:00 AM
34
oraclelinux

ruby:2.7 security, bug fix, and enhancement update

ruby [2.7.6-138] - Upgrade to Ruby 2.7.6. Resolves: rhbz#2109424 - Fix FTBFS due to an incompatible load directive. Related: rhbz#2109424 - Fix a fiddle import test on an optimized glibc on Power 9. Related: rhbz#2109424 - Fix regular Expression Denial of Service Vulnerability of Date...

7.5 CVSS

2.5 AI Score

0.004 EPSS

2022-09-15 12:00 AM
28
nessus

Oracle Linux 8 : ruby:3.0 (ELSA-2022-6450)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6450 advisory. Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are...

9.8 CVSS

8.4 AI Score

0.004 EPSS

2022-09-15 12:00 AM
27
redhat

(RHSA-2022:6450) Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431) Security Fix(es): ruby: Regular expression...

1.3 AI Score

0.004 EPSS

2022-09-13 07:36 AM
23
rocky

ruby:2.7 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is.....

7.5 CVSS

8 AI Score

0.004 EPSS

2022-09-13 07:36 AM
16
nessus

CentOS 8 : ruby:2.7 (CESA-2022:6447)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6447 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in CGI::Cookie.parse...

7.5 CVSS

8.2 AI Score

0.004 EPSS

2022-09-13 12:00 AM
14
nessus

CentOS 8 : ruby:3.0 (CESA-2022:6450)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6450 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in CGI::Cookie.parse...

9.8 CVSS

8.4 AI Score

0.004 EPSS

2022-09-13 12:00 AM
18
Total number of security vulnerabilities: 3518