Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from US-based Opennms Group. OpenNMS suffers from a cross-site scripting vulnerability in the source bootstrap.jsp parameter that allows an attacker to access confidential session...
SUSE: Security Advisory (SUSE-SU-2023:4287-2)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2023:4287-1)
The remote host is missing an update for the...
SUSE CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
SUSE CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
SUSE CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
SUSE CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
SUSE CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
SUSE CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...
bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
Important: postgresql
Issue Overview: In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Important: postgresql
Issue Overview: postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862). This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grant...
USN-6366-1 postgresql-9.5 vulnerability
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser...
Important: postgresql15
Issue Overview: In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-4847)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4847 advisory. - In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. (CVE-2018-14040) - In Bootstrap before 4.1.2, XSS is possible in the...
Oracle Linux 7 : ipa (ELSA-2020-3936)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3936 advisory. - Resolves: 1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method - WebUI: Apply jQuery patch to fix...
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2020-4670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4670 advisory. bind-dyndb-ldap 11.3-1 - New upstream release - Resolves: rhbz1845211 ipa 4.8.7-12.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 295166...
OESA-2023-1578 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...