Lucene search

1447 matches found

Veracode
added 2019/05/16 1:47 a.m., 23 views

Privilege Escalation

MySQL is vulnerable to privilege escalation. A low privileged attacker with network access via multiple protocols could compromise MySQL Server resulting in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a...

CVSS 5.4 | AI score 5.5 | EPSS 0.00356
Exploits: 0 | References: 11 | Affected Software: 1

CNVD
added 2019/05/14 12:0 a.m., 1 view

PostgreSQL memory leak vulnerability (CNVD-2019-16482)

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. There is a security vulnerability in PostgreSQL. An attacker can...

CVSS 6.5 | AI score 7.3 | EPSS 0.00419
Exploits: 0 | References: 1

PostgreSQL
added 2019/05/09 12:0 a.m., 58 views

Vulnerability in core server (CVE-2019-10129)

Memory disclosure in partition routing: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

CVSS 6.5 | AI score 6.4 | EPSS 0.00419
Exploits: 0 | References: 1 | Affected Software: 1

FreeBSD
added 2019/05/09 12:0 a.m., 42 views

PostgreSQL -- Memory disclosure in partition routing

The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...

CVSS 6.5 | AI score 2 | EPSS 0.00419
Exploits: 0 | References: 1

Prion
added 2019/04/23 7:32 p.m., 27 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

CVSS 5.5 | AI score 5.5 | EPSS 0.87254
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2019/04/23 7:32 p.m., 14 views

Design/Logic Flaw

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: Preferences. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 5.8 | AI score 8.1 | EPSS 0.01018
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/04/18 12:0 a.m., 2 views

Oracle Commerce Platform Component Access Control Error Vulnerability

Oracle Commerce is a set of e-business solutions from the US company Oracle. Commerce Platform is one of its components and provides a multi-functional e-business platform. An access control error vulnerability exists in the Oracle Commerce Platform component. An attacker could exploi...

CVSS 6.1 | AI score 6.7 | EPSS 0.00676
Exploits: 0 | References: 1

Kitploit
added 2019/02/24 8:18 p.m., 130 views

Iptables Essentials - Common Firewall Rules And Commands

Tools to help you configure Iptables: Shorewall - advanced gateway/firewall configuration tool for GNU/Linux. Firewalld - provides a dynamically managed firewall. UFW - default firewall configuration tool for Ubuntu. FireHOL - offers simple and powerful configuration for all Linux firewall and...

AI score 7.4
Exploits: 0 | References: 2

OSV
added 2019/01/16 7:30 p.m., 1 view

CVE-2019-2397

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracl...

CVSS 4.4 | AI score 6.1
Exploits: 0 | References: 2

Prion
added 2019/01/16 7:30 p.m., 14 views

Design/Logic Flaw

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications subcomponent: Login. Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety...

CVSS 4.9 | AI score 4.7 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/01/16 7:0 p.m., 11 views

CVE-2018-3311

Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications subcomponent: Security. The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment...

AI score 8.1 | EPSS 0.01982
Exploits: 0 | References: 2

RedHat Linux
added 2019/01/16 5:53 p.m., 1 view

openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2, where the ofproto_rule_insert__ function inside ofproto/ofproto.c is affected by an assertion failure under certain circumstances. A specially crafted flow update applied using the bundling...

CVSS 7.5 | AI score 7.1 | EPSS 0.00771
Exploits: 1 | References: 4

RedHat Linux
added 2019/01/16 5:12 p.m., 1 view

openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2, where the ofproto_rule_insert__ function inside ofproto/ofproto.c is affected by an assertion failure under certain circumstances. A specially crafted flow update applied using the bundling...

CVSS 7.5 | AI score 7.1 | EPSS 0.00771
Exploits: 1 | References: 4

OSV
added 2019/01/15 2:29 p.m., 10 views

CVE-2019-6294

An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 1

Prion
added 2018/12/24 3:29 a.m., 11 views

Cross-site request forgery (CSRF)

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...

CVSS 6.8 | AI score 8.6 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2018/12/13 3:15 p.m., 3 views

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS 8.1 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 5

Tenable Nessus
added 2018/12/07 12:0 a.m., 57 views

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

CVSS 9.1 | AI score 6.9 | EPSS 0.01753
Exploits: 0 | References: 4

Tenable Nessus
added 2018/12/07 12:0 a.m., 35 views

Amazon Linux AMI : postgresql95 (ALAS-2018-1118)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.7 | EPSS 0.01753
Exploits: 0 | References: 3

RedHat Linux
added 2018/11/05 2:56 p.m., 2 views

openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2, where the ofproto_rule_insert__ function inside ofproto/ofproto.c is affected by an assertion failure under certain circumstances. A specially crafted flow update applied using the bundling...

CVSS 7.5 | AI score 7.1 | EPSS 0.00771
Exploits: 1 | References: 4

CNVD
added 2018/10/19 12:0 a.m., 1 view

Unspecified Vulnerability in Oracle Hyperion Common Events Component (CNVD-2019-38556)

Oracle Hyperion is a set of financial modeling applications from the US company Oracle. The software provides financial settlement, report production and other functions. Hyperion Common Events is one of the event processing components. A security vulnerability exists in the User...

CVSS 6.1 | AI score 8.6 | EPSS 0.00463
Exploits: 0 | References: 1