26 matches found
SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2026:2303-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2303-1 advisory. This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user...
SUSE-SU-2026:2303-1 Security update for postgresql17
This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...
CVE-2026-6476
SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
Security update for postgresql17
This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...
EUVD-2025-199759
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...
CVE-2025-12571 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON...
CVE-2025-10497
GitLab CVE-2025-10497 affects GitLab CE/EE versions: 17.10–18.3.5 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1. An unauthenticated attacker could cause a denial-of-service by sending specially crafted payloads. A patch is available in GitLab 18.5.1 (and related patch releases) to rem...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition EE that originates from an attacker being able to perform sensitive keyword searches. The following products and versions are affected:...
PT-2025-15979 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive...
Microsoft Visual Studio和Microsoft .NET 安全漏洞
Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...
Microsoft Visual Studio and Microsoft .NET Security Vulnerabilities
Microsoft Visual Studio and Microsoft .NET are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a fundamentally complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft .NET...
Zoom Client 安全漏洞
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.17.10 that stems from improper privilege management and could allow authenticated users to escalate privileges via local access...
DEBIAN-CVE-2022-48619
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service panic because inputsetcapability mishandles the situation in which an event code falls outside of a bitmap...
AZL-45402 CVE-2022-29526 affecting package delve 1.5.0-16
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Microsoft Dynamics Business Central 跨站脚本漏洞
Microsoft Dynamics Business Central is an enterprise resource planning system from Microsoft. The system includes functionality for financial management, project management, and supply chain management. A cross-site scripting vulnerability exists in Microsoft Dynamics Business Central Control. Th...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The vulnerability is related to the SMB Server Message Block protocol and affects Windows operating systems. The repository contains various PoCs Proof of Concepts and exploits for different versions of Windows, including Windo...
Micro Focus Fortify Software Security Center Unauthorized Access Vulnerability
Micro Focus Fortify Software Security Center SSC is a suite of software lifecycle security management solutions from Micro Focus UK. The product includes centralized management of application security, automated auditing and risk management. An unauthorized access vulnerability exists in Micro...
Linux kernel buffer overflow vulnerability (CNVD-2018-14219)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'truncateinlineinode' function in the fs/f2fs/inline.c file in Linux kernel versions 4.17.10 and earlier, which stems fro...
Linux kernel invalid pointer dereference vulnerability (CNVD-2018-24480)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'delrelocroot' function of the fs/btrfs/relocation.c file in Linux kernel versions 4.17.10 and earlier, where the vulnerable...
USN-3648-1 curl vulnerabilities
Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute...