1285 matches found
CVE-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...
PostgreSQL JDBC Driver SQL Injection Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure...
CVE-2022-30570
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...
CVE-2022-30570 TIBCO Data Virtualization Access Control Vulnerability
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the...
CLSA-2022-1657817751 Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210
CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...
CLSA-2022-1657816156 Fixed CVEs in vim: CVE-2022-2210, CVE-2022-2183, CVE-2022-2207, CVE-2022-2182
CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...
TIBCO Security Advisory: July 19, 2022 - TIBCO Data Virtualization - CVE-2022-30570
TIBCO Data Virtualization Access Control Vulnerability Original release date: July 19, 2022 Last revised: --- CVE-2022-30570 Source: TIBCO Software Inc. Products Affected TIBCO Data Virtualization versions 8.5.2 and below TIBCO Data Virtualization for AWS Marketplace versions 8.5.2 and below The...
KB5014354 - Description of the security update for SQL Server 2017 GDR: June 14, 2022
Summary: An authenticated attacker could affect SQL Server memory when executing a speciall...
KB5014351 - Description of the security update for SQL Server 2016 SP2 CU17: June 14, 2022
Summary: An authenticated attacker could affect SQL Server memory when executing a...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in Microsoft SQL Server. The vulnerability allows an authenticated malicious person to execute arbitrary code, possibly as a Database Administrator, by executing a specially prepared query via the $ partition on a table where a Column Store index is present. Abuse o...
Cabot Cross Site Scripting (XSS) vulnerability via Address column
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot up to and including 0.11.12 can be exploited via the Address column...
GHSA-8Q2H-4MQ6-396J Cabot Cross Site Scripting (XSS) vulnerability via Address column
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot up to and including 0.11.12 can be exploited via the Address column...
Stored XSS vulnerability in Description Column Plugin
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
GHSA-QXRX-M6V6-M767 Stored XSS vulnerability in Description Column Plugin
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link. Link Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting (XSS)...
GHSA-Q2MM-W3QC-2936 Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link. Link Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting (XSS)...
Grafana XSS via a column style
Grafana has an XSS vulnerability via a column style on the "Dashboard Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099...
GHSA-CCMG-W4XM-P28V Grafana XSS in header column rename
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
Grafana XSS in header column rename
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
GHSA-2XCM-H7VV-G8M9 Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...