1447 matches found
CVE-2018-10723
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...
CVE-2018-10723
Directus 6.4.9 contains a hardcoded admin password for the Admin account caused by an INSERT in api/schema.sql. Multiple sources (CNVD-2018-09196, NVD CVE-2018-10723, OSV, PRION) describe this as an elevation of privilege/vector involving a hardcoded credential, enabling potential administrator a...
CVE-2018-10723
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...
UBUNTU-CVE-2018-10472
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot...
CVE-2018-2807
The CVE-2018-2807 entry affects Oracle Financial Services Applications’ FLEXCUBE Core Banking, Securities subcomponent, specifically versions 11.5.0, 11.6.0, and 11.7.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise FLEXCUBE Core Banking, with att...
Security update for postgresql95 (important)
This update for postgresql95 fixes the following issues: Update to PostgreSQL 9.5.11: Security issues fixed: https://www.postgresql.org/docs/9.5/static/release-9-5-11.html CVE-2018-1053, boo1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable. boo1079757: Rename...
CVE-2018-1052
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...
ALPINE-CVE-2018-1052
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...
CVE-2018-1052
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...
CVE-2018-1052
Removed by vendor...
Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery component (CNVD-2018-01514)
Oracle Financial Services Applications is Oracle's suite of core banking, online banking, and property management financial services software. Oracle Financial Services Price Creation and Discovery is one of its financial services price creation and discovery components. A security vulnerability...
Design/Logic Flaw
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Login. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2018-2642
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications subcomponent: File Upload. Supported versions that are affected are 7.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus...
CVE-2017-10273
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware subcomponent: Deployment. Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon ...
CVE-2018-2647
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2014-8336
The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...
Design/Logic Flaw
The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...
CVE-2014-8336
The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...
CVE-2014-8336
The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...
Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table...