1447 matches found

Tenable Nessus
added 2021/05/24 12:0 a.m. | 68 views

PostgreSQL 9.6.x < 9.6.22 / 10.x < 10.17 / 11.x < 11.12 / 12.x < 12.7 / 13.x < 13.3 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.6 prior to 9.6.22, 10 prior to 10.17, 11 prior to 11.12, 12 prior to 12.7, or 13 prior to 13.3. As such, it is potentially affected by multiple vulnerabilities : - Buffer overrun from integer overflow in array subscripting calculations...

CVSS 8.8 | AI score 7.1 | EPSS 0.00641
Exploits 0 | References 7

Tenable Nessus
added 2021/05/17 12:0 a.m. | 245 views

FreeBSD : PostgreSQL server -- two security issues (62da9702-b4cc-11eb-b9c9-6cc21735f730)

The PostgreSQL project reports : Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can...

CVSS 8.8 | AI score 7.4 | EPSS 0.00641
Exploits 0 | References 3

Veracode
added 2021/05/14 10:8 p.m. | 39 views

Information Disclosure

postgresql is vulnerable to information disclosure. The vulnerability exists through the use of an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, allowing arbitrary bytes of server memory to be read. The CREATE and TEMPORARY privileges on all databases and the CREATE...

CVSS 6.5 | AI score 3.2 | EPSS 0.00641
Exploits 0 | References 8 | Affected Software 10

OSV
added 2021/05/13 12:0 a.m. | 0 views

UBUNTU-CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

CVSS 6.5 | AI score 6.9 | EPSS 0.00641
Exploits 0 | References 5

OSV
added 2021/05/06 6:26 p.m. | 15 views

GHSA-RJ5F-7C8X-GJG4 Prototype Pollution in promisehelpers

All versions of package promisehelpers up to and including version 0.0.5 are vulnerable to Prototype Pollution via the insert function...

CVSS 9.8 | AI score 9.5 | EPSS 0.0041
Exploits 1 | References 2

NVD
added 2021/04/22 10:15 p.m. | 11 views

CVE-2021-2008

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). Supported versions that are affected are 11.1.1.9 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 7.5 | EPSS 0.00753
Exploits 0 | References 1

Packet Storm
added 2021/04/21 12:0 a.m. | 452 views

Hasura GraphQL 1.3.3 Denial Of Service

Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...

AI score 7.4
Exploits 0

CNNVD
added 2021/04/20 12:0 a.m. | 1 views

Oracle WebLogic Server Input Validation Error Vulnerability

Oracle WebLogic Server is a cloud-native, enterprise-grade Java platform application server for multi-tier distributed enterprise application development and deployment. A security vulnerability exists in the Console component of Oracle WebLogic Server version 10.3.6.0.0. An attacker could exploi...

CVSS 6.1 | AI score 5.6 | EPSS 0.00601
Exploits 0 | References 5

CNNVD
added 2021/04/07 12:0 a.m. | 2 views

Rust Resource Management Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in Rust version 2021-02-26 and prior versions, which stems from the possibility of a double release in get or insert. No detailed vulnerability details are...

CVSS 9.8 | AI score 5.5 | EPSS 0.00433
Exploits 0 | References 2

OSV
added 2021/04/01 5:15 a.m. | 3 views

CVE-2021-29933

An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next method panics...

CVSS 7.5 | AI score 5.7
Exploits 0 | References 1

Cvelist
added 2021/04/01 4:24 a.m. | 13 views

CVE-2021-29933

An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next method panics...

AI score 7.7 | EPSS 0.00389
Exploits 1 | References 1

Atlassian
added 2021/03/24 1:37 p.m. | 25 views

Cross Site Scripting vulnerability allows injecting HTML code into table edits

Issue Summary: Cross Site Scripting vulnerability allows injecting HTML code into table edits. Steps to Reproduce: Edit a page, then access the Insert macro 'Info' option. A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp...

AI score 0.1
Exploits 0

Tibco
added 2021/03/20 1:9 a.m. | 17 views

TIBCO Security Advisory: March 23, 2021 - TIBCO FTL -2021-28820

TIBCO FTL Windows Platform Artifact Search vulnerability Original release date:March 23, 2021 Last revised: CVE-2021-28820 Source: TIBCO Software Inc. Products Affected TIBCO FTL - Community Edition versions 6.5.0 and below TIBCO FTL - Developer Edition versions 6.5.0 and below TIBCO FTL -...

CVSS 4.6 | AI score 6.8 | EPSS 0.00051
Exploits 0 | Affected Software 3

0day.today
added 2021/03/09 12:0 a.m. | 95 views

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...

AI score 7.4
Exploits 0

Prion
added 2021/03/03 6:15 a.m. | 17 views

Design/Logic Flaw

Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes...

CVSS 4.1 | AI score 3.6 | EPSS 0.00062
Exploits 0 | References 1

NVD
added 2021/01/26 6:16 p.m. | 8 views

CVE-2021-25900

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many...

CVSS 9.8 | AI score 9.8 | EPSS 0.00533
Exploits 1 | References 1

CNNVD
added 2021/01/26 12:0 a.m. | 1 views

Rust Buffer Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer error vulnerability exists in Rust smallvec crate before 0.6.14 and 1.x before 1.6.1, which stems from a heap-based buffer overflow in SmallVec::insert_many...

CVSS 9.8 | AI score 7.5 | EPSS 0.00533
Exploits 1 | References 4

OSV
added 2021/01/20 3:15 p.m. | 17 views

CVE-2021-2048

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS 5 | AI score 5.8
Exploits 0 | References 3

CVE
added 2021/01/20 2:50 p.m. | 72 views

CVE-2021-2000

CVE-2021-2000 affects Oracle Database Server’s Unified Audit component. Affected: 12.1.0.2, 12.2.0.1, 18c, 19c. Root cause described as a vulnerability in the Unified Audit data handling that a high-privilege SYS user with network access via Oracle Net could exploit to perform unauthorized update...

CVSS 3.5 | AI score 3.5 | EPSS 0.00218
Exploits 0 | References 1 | Affected Software 1

Debian CVE
added 2021/01/20 2:49 p.m. | 22 views

CVE-2021-1998

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 5.5 | AI score 4.6 | EPSS 0.00277
Exploits 0