6035 matches found
DEBIAN-CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
UBUNTU-CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
PT-2023-35948 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Invalid-free. The crash state involves several functions, including reset context and cmt decode...
CVE-2023-31452
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
libcap: Memory Leak on pthread_create() Error
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory...
CVE-2023-36159
Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page...
answer Security breach
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.1.1, which stems from a misconfiguration of permissions that allows low-privileged users to create tags...
django-sspanel Command Injection Vulnerability
django-sspanel is a new shadowsocks web panel developed with django by Ehco Personal Developers. A security vulnerability exists in django-sspanel version v2022.2.2, which stems from a Remote Command Execution (RCE) vulnerability in the GoodsCreateView.post method of sspanel/adminview.py...
Lost and Found Information System Cross-Site Scripting Vulnerability
Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A security vulnerability exists in version 1.0 of the Lost and Found Information System, which can be exploited to run arbitrary code via the First Name and Last Name fields on the Crea...
PT-2023-25458 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: sourcecodester Lost and Found Information System version 1.0 Description: The issue allows remote attackers to run arbitrary code via the First Name, Middle Name, and Last Name fields on the "Create User" page. This is a Cross Site Scripting...
CVE-2023-39022
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument...
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
...
Denial Of Service (DoS)
github.com/taosdata/TDengine is vulnerable to Denial of Service (DoS). The vulnerability exists due to the improper input validation of the library, which allows an attacker with the create function privilege to crash the application by providing a maliciously crafted UDF nested query...