6024 matches found
ABB Mint WorkBench 安全漏洞
ABB Mint WorkBench is a single Windows tool from ABB Switzerland that is compatible with the ABB family of motion controllers and servo drives. A security vulnerability exists in ABB Mint WorkBench 5866 and prior versions that originated from allowing a low-privileged attacker to create and write...
PT-2022-20616 · Unknown · Drive Composer
Name of the Vulnerable Software and Affected Versions: Drive Composer affected versions not specified Description: The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does not already exist...
CVE-2021-40902
flatCore-CMS version 2.0.8 is affected by Cross Site Scripting XSS in the "Create New Page" option through the index page...
CVE-2021-40902
flatCore-CMS version 2.0.8 is affected by Cross Site Scripting XSS in the "Create New Page" option through the index page...
flatCore 跨站脚本漏洞
flatCore is a lightweight content management system CMS based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore version 2.0.8, which stems from a lack of checksum filtering of user-supplied and output data in the Create New Page option of the index page. An attacker can...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
SMB-Session-Spoofing - Tool To Create A Fake SMB Session
Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
CVE-2022-1419
The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...
DEBIAN-CVE-2022-1419
The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, and vgemgemdumbcreate will access the freed drmvgemgemobject...
SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
ALPINE-CVE-2022-31622
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a nonzero value while executing the method createworkerthreads, the held lock is not released correctly, which allows local users to trigger a denial of...
CVE-2022-29362
A cross-site scripting XSS vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter...
MariaDB 安全漏洞
MariaDB is the database management system of the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine. a denial of service vulnerability exists in versions of MariaDB Server prior to 10.7, which originates in extra/mariabackup/dscompress.cc, and can be exploited...
GHSA-Q9XX-4689-GVV5 Magento Unauthorized access to restricted resources
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...