Lucene search

20 matches found

Snyk
added 2026/05/07 12:8 a.m. · 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handling of index rollover requests when an explicit target index name is provided. An attacker can create a new index with an unauthorized name by exploiting insufficient access control checks on the targ...

CVSS 2.2 · AI score 5.8
Exploits 0 · References 2

SUSE CVE
added 2025/07/04 3:2 p.m. · 1 views

SUSE CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node's filesystem where the bleve index resides, if the user has used bleve's own HTTP bleve/http handlers fo...

CVSS 5.5 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 9:23 a.m. · 3 views

CVE-2024-3233

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 · AI score 4.9 · EPSS 0.00187
Exploits 0 · References 1

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-24511 · WordPress · The Ivory Search

Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.5
Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability chec...

CVSS 4.3 · AI score 6.5 · EPSS 0.00187
Exploits 0 · References 4

Patchstack
added 2024/04/15 11:21 a.m. · 4 views

WordPress Ivory Search plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation vulnerability

Missing Authorization to Authenticated (Subscriber+) Index Creation vulnerability discovered by Thura Moe Myint (mgthuramoemyint) in WordPress Plugin Ivory Search (versions <= 5.5.5)...

CVSS 4.3 · AI score 7 · EPSS 0.00187
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/04/12 12:0 a.m. · 23 views

Ivory Search – WordPress Search Plugin < 5.5.6 - Subscriber+ Index Creation

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index...

CVSS 4.3 · AI score 6.1 · EPSS 0.00187
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/10/20 4:15 a.m. · 1 views

CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

CVSS 5.4 · AI score 5.8 · EPSS 0.00308
Exploits 2 · References 1

ATTACKERKB
added 2023/10/20 4:15 a.m. · 2 views

CVE-2023-45471

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute...

CVSS 5.4 · AI score 6.1 · EPSS 0.00308
Exploits 2 · References 2

Positive Technologies
added 2023/10/19 12:0 a.m. · 4 views

PT-2023-29561 · Qad · Qad Search Server

Name of the Vulnerable Software and Affected Versions: QAD Search Server versions up to, and including, 1.0.0.315
Description: The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient checks on indexes. This allows unauthenticated attackers to create a new index...

CVSS 5.4 · AI score 5.3 · EPSS 0.00308
Exploits 2 · References 5

OSV
added 2022/06/01 8:15 p.m. · 2 views

DEBIAN-CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...

CVSS 5.5 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 1

OSV
added 2022/06/01 8:15 p.m. · 1 views

UBUNTU-CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...

CVSS 6.2 · AI score 5.8 · EPSS 0.00219
Exploits 0 · References 3

RedHat Linux
added 2021/08/10 4:13 p.m. · 91 views

Low: Red Hat Security Advisory: 389-ds:1.4 security and bug fix update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 6.5 · AI score 6.7 · EPSS 0.00118
Exploits 0 · References 5

Rockylinux
added 2021/08/10 12:1 p.m. · 28 views

389-ds:1.4 security and bug fix update

An update is available for 389-ds-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The ba...

CVSS 6.5 · AI score 6.8 · EPSS 0.00118
Exploits 0

Tenable Nessus
added 2016/09/26 12:0 a.m. · 42 views

MariaDB 10.1.0 < 10.1.9 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.9 advisory. - Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality,...

CVSS 7.5 · AI score 6.8 · EPSS 0.02676
Exploits 1 · References 4

Tenable Nessus
added 2016/05/13 12:0 a.m. · 6 views

MariaDB Server 10.0.x < 10.0.23 Multiple DoS

Binary data 9285.prm...

AI score 7.3
Exploits 0 · References 5

RedHat Linux
added 2015/02/25 12:38 p.m. · 4 views

Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...

CVSS 6.8 · AI score 7.3 · EPSS 0.02329
Exploits 0 · References 5

RedHat Linux
added 2014/05/12 6:12 p.m. · 2 views

postgresql: CREATE INDEX race condition possibly leading to privilege escalation

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...

CVSS 4.9 · AI score 7 · EPSS 0.00382
Exploits 2 · References 4

RedHat Linux
added 2014/02/25 4:41 p.m. · 1 views

postgresql: CREATE INDEX race condition possibly leading to privilege escalation

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...

CVSS 4.9 · AI score 7 · EPSS 0.00382
Exploits 2 · References 4

OSV
added 2014/02/21 12:0 a.m. · 0 views

UBUNTU-CVE-2014-0062

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...

CVSS 4.9 · AI score 6.9 · EPSS 0.00382
Exploits 2 · References 4

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. · 0 views

Hyper Estraier directory traversal/denial of service vulnerability

Overview: Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files.
Impact: If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when...

CVSS 5 · AI score 6.8 · EPSS 0.00483
Exploits 0 · References 7