All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....
7.5 CVSS
0.001 EPSS
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....
7.5 CVSS
7.5 AI Score
0.001 EPSS
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....
7.5 CVSS
7.5 AI Score
0.001 EPSS
Unbreakable Enterprise kernel-container security update
5.4.17-2136.308.7.el7 uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) x86/cpu:...
7.8 CVSS
-0.4 AI Score
0.0004 EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) -...
7.8 CVSS
-0.4 AI Score
0.0004 EPSS
Debian DSA-5161-1 : linux - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5161 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker...
8.2 CVSS
7.4 AI Score
0.001 EPSS
pg-riders.at Cross Site Scripting vulnerability OBB-2646699
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1 AI Score
8 CVSS
6.8 AI Score
0.001 EPSS
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
6.8 CVSS
6.9 AI Score
0.001 EPSS
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
6.8 CVSS
0.001 EPSS
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
6.8 CVSS
7 AI Score
0.001 EPSS
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
6.8 CVSS
6.9 AI Score
0.001 EPSS
Malicious code in dai-pg (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (380a8ec5aad17aa31577c83a6d88aa6060b4631380bc351d846ef8b6d9d0a1e8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
6.8 CVSS
7 AI Score
0.001 EPSS
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...
7.3 AI Score
0.001 EPSS
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these....
8.8 CVSS
6.9 AI Score
0.002 EPSS
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational...
5.4 CVSS
6.9 AI Score
0.001 EPSS
Malicious code in pg-ng-popover (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b7eae5ce3ffe7a6a45252fbf8e9e7baab3dd7e94d06676793c490eaa77094a06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
An update is available for rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
2.2 AI Score
An update is available for perl-DBD-Pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
2.2 AI Score
TRENDnet TI-PG1284i Integer Underflow Vulnerability
The TRENDnet TI-PG Series is a series of switches from Trend Micro Networks (TRENDnet), Inc. A security vulnerability exists in versions of the TRENDnet TI-PG1284i prior to 2.0.2.S0, and no details of the vulnerability are currently...
4.1 AI Score
TRENDnet TI-PG1284i null pointer dereference vulnerability
TRENDnet TI-PG Series is a series of switches from Trend Micro Networks (TRENDnet), Inc. A security vulnerability exists in versions prior to TRENDnet TI-PG1284i 2.0.2.S0, which could be exploited by an attacker to crash a process by sending crafted lldp packets to the...
2.9 AI Score
perl:5.32 metadata for the AlmaLinux 8 module matrix
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
6.8 AI Score
5.32 metadata for the Rocky Linux 8 module matrix (2/4)
An update is available for perl-DBD-Pg, perl-DBI, perl-IO-HTML, perl-LWP-MediaTypes, perl-Data-Dump, perl-FCGI, perl-HTTP-Message, perl-Net-HTTP, perl-File-pushd, perl-Try-Tiny, perl-Digest-HMAC, perl-HTML-Parser, perl-NTLM, perl-Mozilla-CA, perl-IO-Socket-SSL, perl-libwww-perl,...
2.1 AI Score
An update is available for perl-Pod-Perldoc, perl-DBI, perl-IO-HTML, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Data-Dump, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template,.....
1.8 AI Score
5.32 metadata for the Rocky Linux 8 module matrix (3/4)
An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...
2.1 AI Score
5.32 metadata for the Rocky Linux 8 module matrix (1/4)
An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...
2.1 AI Score
RHEL 7 : Satellite 6.10.5 Async Bug Fix Update (Important) (RHSA-2022:1708)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1708 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.8 CVSS
8.7 AI Score
0.002 EPSS
(RHSA-2022:1708) Important: Satellite 6.10.5 Async Bug Fix Update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
-0.1 AI Score
0.002 EPSS
PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection
PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a.....
7.8 AI Score
0.011 EPSS
PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection
PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a.....
7.3 AI Score
0.011 EPSS
Elgg Reflected XSS Vulnerability
VULNERABILITY DESCRIPTION: The internalname parameter is not properly sanitized, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. PROOF-OF-CONCEPT/EXPLOIT: http...
6.1 CVSS
7.1 AI Score
0.001 EPSS
Elgg Reflected XSS Vulnerability
VULNERABILITY DESCRIPTION: The internalname parameter is not properly sanitized, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. PROOF-OF-CONCEPT/EXPLOIT: http...
6.1 CVSS
6.9 AI Score
0.001 EPSS
RubyGems: Possibility to guess email address from gravatar image URL
The hash used for gravatar used in rubygems.org is a simple md5, which could allow an attacker to guess the user's email address. https://en.gravatar.com/site/implement/hash/ https://github.com/chrislloyd/gravtastic/blob/master/lib/gravtastic.rb#L79 ruby def gravatar_id ...
6.6 AI Score
Cab fare calculator < 1.0.4 - Unauthenticated LFI
The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...
9.8 CVSS
2 AI Score
0.03 EPSS
Security update for the Linux Kernel (important)
An update that solves 12 vulnerabilities and has 25 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-25636: Fixed an issue which allowed a local users to...
7.8 CVSS
-0.2 AI Score
0.001 EPSS
Security update for the Linux Kernel (important)
An update that solves 22 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-25636: Fixed an issue which allowed a local users to...
7.8 CVSS
-0.3 AI Score
0.001 EPSS
In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange...
7.5 CVSS
0.001 EPSS
620.pg-qq168.ws Cross Site Scripting vulnerability OBB-2447026
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score
AlmaLinux 8 : ruby:2.5 (ALSA-2022:0545)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0545 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue...
8.8 CVSS
8.2 AI Score
0.011 EPSS