5991 matches found
47pages-keystone (>=0.0.1 <=0.0.5), @amplify-app/create (>=0.1.0 <=0.1.4) +2358 more potentially affected by CVE-2020-13110 via kerberos (>=0.0.11 <=0.0.9)
kerberos NPM version =0.0.11, =0.0.1, =0.1.0, =1.8.5-alpha.46, =1.0.3, =1.0.2, =0.12.0, =0.2.0, =1.0.0, =0.0.5, =0.1.2-beta.1, =0.1.2-beta.7 and more Source cves: CVE-2020-13110 Source advisory: OSV:GHSA-M2MX-RFPW-JGHV...
CVE-2012-3338
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286...
Security feature bypass
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286...
Information disclosure
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
CVE-2020-7717 Prototype Pollution
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
PT-2020-19739 · Dot-Notes · Dot-Notes
Name of the Vulnerable Software and Affected Versions: dot-notes versions prior to 3.2.1 Description: The issue concerns Prototype Pollution via the create function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 3.2.1, update to version 3.2.1 ...
PT-2020-13709 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...
Debian DLA-2348-1 : php-horde-core security update
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version 2.27.6+debian1-2+deb9u1. We recommend that you upgrade your php-horde-core packages. For the detailed security...
CVE-2020-23974
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags)...
Cross site scripting
Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection via Online chat, Social feed, Message (title-tag), Add new client (all-tags)...
CVE-2020-23974
CVE-2020-23974 affects Create-Project Manager 1.07. The issue is described as Multi Persistent Cross-site Scripting and HTML injection via UI surfaces such as Online chat, Social feed, Message(title-tag), and Add new client (all-tags). The provided documents do not specify the root cause details,...
ExpressionEngine: SQL injection at /admin.php?/cp/members/create
SQL injection vulnerability in the control panel. This is limited to users who have access to the control panel, and the ability to create members...
USN-4472-1: PostgreSQL vulnerabilities
Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...
USN-4472-1 postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...
PostgreSQL 9.5.x < 9.5.23 / 9.6.x < 9.6.19 / 10.x < 10.14 / 11.x < 11.9 / 12.x < 12.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.5 prior to 9.5.23, 9.6 prior to 9.6.19, 10 prior to 10.14, 11 prior to 11.9, or 12 prior to 12.4. As such, it is potentially affected by multiple vulnerabilities: - Uncontrolled search path element in logical replication CVE-2020-14349 ...
CVE-2019-20152
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...
Cross site scripting
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...