18 matches found
MiracleLinux 8 : postgresql:10 postgresql-10.23-1.module+el8+1581+24b533d8 (AXSA:2023-4747:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4747:01 advisory. postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625) Tenable has extracted the preceding description block directly fr...
EUVD-2017-17729
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-8786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a craft...
Moderate: Red Hat Security Advisory: rh-postgresql10-postgresql security and bug fix update
An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Bosch BVMS Information Disclosure Vulnerability
Bosch BVMS is an application system from Bosch Germany. It is used for video management. An information disclosure vulnerability exists in Bosch BVMS and VIDEOJET Decoder VJD-7513. An attacker could exploit this vulnerability to disclose sensitive information. The following products and versions...
MailEnable Enterprise Premium Cross-Site Scripting Vulnerability
MailEnable Enterprise Premium is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in MailEnable Enterprise Premium version 10.23. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
MailEnable Enterprise Premium Path Traversal Vulnerability
MailEnable Enterprise Premium is a suite of POP3 and SMTP mail servers from MailEnable Australia. A path traversal vulnerability exists in MailEnable Enterprise Premium version 10.23. The vulnerability stems from a failure of a network system or product to properly filter special elements in the...
CVE-2019-12926
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas...
Directory traversal
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN...
XXE
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all...
CVE-2019-12926
CVE-2019-12926 affects MailEnable Enterprise Premium (notably version 10.23; fixes noted for 10.24, with 10.25 as the recommended upgrade). The issue is improper access control: the product did not consistently enforce permission checks, allowing authenticated users to perform actions or reach ar...
CVE-2019-12923
CVE-2019-12923 affects MailEnable Enterprise Premium (versions around 10.23/10.24). The CSRF protection was not implemented correctly, allowing bypass by removing the anti-CSRF token parameter. This could let an attacker manipulate a user into performing actions in the application (e.g., sending ...
CVE-2017-14352
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting...
CVE-2017-8786
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
Heap overflow
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
DEBIAN-CVE-2017-8786
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
CVE-2017-8786
CVE-2017-8786 affects PCRE2 10.23: vulnerable component is pcre2test.c, which can trigger a heap-based buffer overflow through a crafted regular expression. This can lead to remote denial of service and potentially other unspecified impacts. Exploitation status is not detailed in the provided doc...
HP KeyView Arbitrary Code Execution Vulnerability (CNVD-2015-05715)
HP KeyView is file filtering and conversion software that extracts file content and metadata. A security vulnerability exists in the implementation of HP KeyView versions prior to 10.23.0.1 and prior to 10.24.0.1. A remote attacker can exploit this vulnerability to execute arbitrary code...