1285 matches found
Information Disclosure
postgresql-13 is vulnerable to information disclosure. An attacker may be able to acquire denied-column values from an error message...
CVE-2020-10375
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product...
postgresql: Selectivity estimators bypass row security policies
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...
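The entry above states the mechanism in one sentence: planner statistics are built from actual column values, and the planner consulted them without applying row security. The SQL below is an added example, not part of the advisory or of PostgreSQL's own test suite, that shows where those values live and how to check who can read them. The table, the sample data and the role name app_reader are constructed for the example.

```sql
-- Added example: planner statistics hold raw column values.
-- Assumes a scratch database; the table, data and role "app_reader" are hypothetical.

CREATE TABLE patients (
    id     serial PRIMARY KEY,
    clinic text NOT NULL,
    ssn    text NOT NULL
);

-- Constructed sample data: 50 distinct SSN-like values, repeated so that
-- ANALYZE collects them into the most-common-values list.
INSERT INTO patients (clinic, ssn)
SELECT 'clinic-' || (g % 3), '000-00-' || lpad((g % 50)::text, 4, '0')
FROM generate_series(1, 1000) AS g;

-- Row security: a session may only see rows for its own clinic.
ALTER TABLE patients ENABLE ROW LEVEL SECURITY;
CREATE POLICY clinic_only ON patients
    USING (clinic = current_setting('app.clinic', true));

CREATE ROLE app_reader;
GRANT SELECT ON patients TO app_reader;

ANALYZE patients;

-- 1. The table owner (not subject to the policy) sees the statistics:
--    most_common_vals and histogram_bounds contain literal SSN values
--    copied from the column, independent of any row security policy.
SELECT attname, most_common_vals, histogram_bounds
FROM pg_stats
WHERE tablename = 'patients' AND attname = 'ssn';

-- 2. The pg_stats view excludes tables with row security active for the
--    current role, so the restricted role gets no rows through the view.
--    The advisory's point is that query planning read the underlying
--    pg_statistic entries on that role's behalf anyway.
SET ROLE app_reader;
SET app.clinic = 'clinic-1';
SELECT count(*) FROM pg_stats WHERE tablename = 'patients';   -- no rows visible
RESET ROLE;

-- 3. During selectivity estimation the planner may evaluate an operator's
--    function against the stored statistics values. Functions that are not
--    LEAKPROOF can expose their inputs (for example through error messages),
--    so list user-defined functions lacking that property before granting
--    CREATE on schemas to untrusted roles.
SELECT n.nspname, p.proname, p.proleakproof
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT p.proleakproof;
```

Step 2 is a useful regression check after upgrading: the view hiding the rows is expected behaviour, but it never protected the planner path the advisory describes, so the real fix is the patched server release rather than any policy or view setting.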
CVE-2020-25449
Cross Site Scripting XSS vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column...
PYSEC-2020-226
Cross Site Scripting XSS vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column...
Cross site scripting
Cross Site Scripting XSS vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column...
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Impact Any install that has UNEDITABLE_SCHEMAS and/or UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES set in the front-end is impacted. The value of these properties is ignored if set, allowing any user to modify table and column descriptions, even though the properties imply they shouldn't be able to. Patche...
expat: heap-based buffer over-read via crafted XML input
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for an XSS via a column style on the "Dashboard > Table Panel" screen...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. An XSS is possible in table-panel via column.title or cellLinkTooltip...
sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations
A NULL pointer dereference was found in SQLite in the way it executes select statements with column optimizations. An attacker who is able to execute SQL statements can use this flaw to crash the application...
CVE-2020-7734
All versions of package cabot are vulnerable to Cross-site Scripting XSS via the Endpoint column...
PYSEC-2020-227
All versions of package cabot are vulnerable to Cross-site Scripting XSS via the Endpoint column...
Cross site scripting
All versions of package cabot are vulnerable to Cross-site Scripting XSS via the Endpoint column...
CloudBees Jenkins Description Column Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and scheduled task execution. A cross-site scripting...