10064 matches found
Photon OS 5.0: Postgresql14 PHSA-2026-5.0-0762
An update of the postgresql14 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0762. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
postgresql15-15.16-1.1 on GA media (moderate)
postgresql15-15.16-1.1 on GA media Announcement ID: openSUSE-SU-2026:10191-1 Rating: moderate Cross-References: CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These are all...
Linux Distros Unpatched Vulnerability : CVE-2026-2003
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks...
CVE-2026-2003
A type validation flaw has been discovered in postgresql. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information but it is unlikely. Mitigation Mitigation for this issu...
CVE-2026-2003
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...
CVE-2026-2003
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...
CVE-2003-1276
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEYCURRENTUSER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts...
CVE-2003-1582
Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...
CVE-2003-1595
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors...
CVE-2003-1568
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an invalid URL, related to the websSafeUrl function...
CVE-2003-1335
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file aka snif before 1.2.5 allows remote attackers to download files from locations above the snif directory...
CVE-2003-1323
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors...
CVE-2003-1521
Sun Java Plug-In 1.4 through 1.4.202 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model...
CVE-2003-1569
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service daemon crash via an HTTP request with a 1 con, 2 nul, 3 clock$, or 4 config$ device name in a path component, different vectors than CVE-2001-0385...
CVE-2003-1596
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session...
CVE-2003-1004
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service dropped IPSec tunnel connection via an IKE Phase I negotiation request to the outside interface of the firewall...
CVE-2003-1246
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver IPD 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command...
CVE-2008-6819
win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service system crash via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of the...
CVE-2019-2003
In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...
Happy 23rd Birthday TaoSecurity Blog
Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of...