
536 matches found

Cvelist
added 2015/05/19 6:0 p.m. | 36 views

CVE-2015-3988

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate...

AI score: 5.3 | EPSS: 0.01799
Exploits: 0 | References: 6

Debian CVE
added 2015/05/19 6:0 p.m. | 26 views

CVE-2015-3988

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.01799
Exploits: 0

Tenable Nessus
added 2014/02/10 12:0 a.m. | 15 views

Fedora 20 : ikiwiki-3.20140125-1.fc20 (2014-1747)

Update to the latest stable version. Changes in ikiwiki 3.20140125 : - inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes - osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102 : - aggregate:...

AI score: 5.5
Exploits: 0 | References: 6

ThreatPost
added 2013/09/24 2:57 p.m. | 9 views

Dropbox Requests National Security Letter Transparency

Dropbox, as LinkedIn did a week ago, filed an amicus brief yesterday with the United States Foreign Intelligence Surveillance Court (FISC) requesting permission to publish the number of National Security Letter requests the cloud storage company receives. Dropbox followed LinkedIn’s lead, arguing i...

AI score: 7
Exploits: 0 | References: 5

securityvulns
added 2010/10/13 12:0 a.m. | 57 views

Microsoft Security Bulletin MS10-083 - Important Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)

Microsoft Security Bulletin MS10-083 - Important Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution 2405882 Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability i...

CVSS: 9.3 | AI score: 1 | EPSS: 0.28561
Exploits: 1

securityvulns
added 2010/02/10 12:0 a.m. | 78 views

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution 978251 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Windows. The...

CVSS: 9.3 | AI score: 2.3 | EPSS: 0.30879
Exploits: 4

RedHat Linux
added 2007/02/07 6:30 p.m. | 4 views

security flaw

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

CVSS: 4 | AI score: 5.8 | EPSS: 0.01876
Exploits: 0 | References: 4

UbuntuCve
added 2006/10/26 5:7 p.m. | 24 views

CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01876
Exploits: 0 | References: 2

Ubuntu
added 2006/10/25 3:1 a.m. | 29 views

USN-369-1: PostgreSQL vulnerabilities

Michael Fuhr discovered an incorrect type check when handling unknown literals. By attempting to coerce such a literal to the ANYARRAY type, a local authenticated attacker could cause a server crash. Josh Drake and Alvaro Herrera reported a crash when using aggregate functions in UPDATE statement...

AI score: 5.6
Exploits: 0 | References: 1

Tenable Nessus
added 2006/08/14 12:0 a.m. | 27 views

FreeBSD : postgresql -- multiple vulnerabilities (65c8ecf9-2adb-11db-a6e2-000e0c2e438a)

Multiple vulnerabilities had been reported in various versions of PostgreSQL : - The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check. - A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending ...

CVSS: 7.5 | AI score: 6 | EPSS: 0.14473
Exploits: 1 | References: 4

UbuntuCve
added 2005/05/02 4:0 a.m. | 31 views

CVE-2005-0244

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.01968
Exploits: 0 | References: 2

NVD
added 2005/05/02 4:0 a.m. | 16 views

CVE-2005-0244

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.01968
Exploits: 0 | References: 9

Tenable Nessus
added 2005/02/18 12:0 a.m. | 26 views

Mandrake Linux Security Advisory : postgresql (MDKSA-2005:040)

A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : A flaw in the LOAD command could be abused by a local user to load arbitrary shared libraries and as a result execute arbitrary code with the privileges of the user running the postgresql server (CVE-2005-0227). A...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.14473
Exploits: 1 | References: 5

RedHat Linux
added 2005/02/15 10:2 a.m. | 2 views

security flaw

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.01968
Exploits: 0 | References: 4

RedHat Linux
added 2005/02/14 9:46 a.m. | 7 views

security flaw

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.01968
Exploits: 0 | References: 4

CVE
added 2005/02/08 5:0 a.m. | 73 views

CVE-2005-0244

CVE-2005-0244 affects PostgreSQL 8.0.0 and earlier; local users could bypass the EXECUTE permission check for functions via CREATE AGGREGATE, as described in the CVE entry. Connected advisories show this vulnerability being addressed by multiple vendors, including Red Hat (RHSA-2005:138/141) and ...

CVSS: 6.5 | AI score: 6 | EPSS: 0.01968
Exploits: 0 | References: 9 | Affected Software: 1