802 matches found
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
CVE-2023-25149
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
CVE-2023-25149
TimescaleDB (open-source) vulnerability CVE-2023-25149 affects versions 2.8.0–2.9.2. During installation, a telemetry job runs as the installation user and its queries were not executed with a locked-down search_path, enabling a user who can create objects in a database to craft functions that th...
CVE-2023-25149 TimescaleDB has incorrect access control
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
[SECURITY] [DSA 5313-1] hsqldb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5313-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...
SolarWinds Orion Secrets Dump
This module exports and decrypts credentials from SolarWinds Orion Network Performance Monitor NPM to a CSV file; it is intended as a post-exploitation module for Windows hosts with SolarWinds Orion NPM installed. The module supports decryption of AES-256, RSA, and XMLSEC secrets. Separate action...
Zoom Client for Meetings < 5.12.6 Vulnerability (ZSB-22025)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.12.6. It is, therefore, affected by a vulnerability as referenced in the ZSB-22025 advisory. - The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a loca...
Fedora: Security Advisory for mariadb (FEDORA-2022-e0e9a43546)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mariadb (FEDORA-2022-333df1c4aa)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code, because any static method of any Java class in the classpath can be invoked, resulting in code execution by default...
CVE-2022-28764
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...
Information disclosure
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...
CVE-2022-28764
CVE-2022-28764 – Zoom Client for Meetings affects Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to 5.12.6. Root cause: failure to clear data from a local SQL database after a meeting ends combined with insufficiently secure per-device key encryption of that database. Impact...
CVE-2022-28764 Local information exposure in Zoom Clients
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...
Zoom Client Information Disclosure Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. An information disclosure vulnerability exists in Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows versions prior to 5.12.6, which stems from failing to clear data from a loc...
SQLite: Multiple Vulnerabilities
Background: SQLite is a C library that implements an SQL database engine. Description: Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no kno...
RLSA-2022:7119 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. Security Fixes: mysql: Server: DML multiple unspecified...
sqlite security update
An update is available for sqlite. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. SQLite is a C library that implements an SQL database engine. A large subset o...