SUSE CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

SUSE CVE-2018-1052

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table...

SUSE CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

SUSE CVE-2019-10129

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites...

SUSE CVE-2021-25900

An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insertmany...

SUSE CVE-2021-29457

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An...

SUSE CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

SUSE CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

WordPress Wp-Insert Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

Software Wp-Insert Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25461 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d6f86fdf4f79 Credits Abdi Pranata Required privile...

WP Insert < 2.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2023-35183 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: A general protection fault issue was discovered in the nilfs btree insert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-35049 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: A general protection fault issue was discovered in the nilfs btree insert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-34756 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: A general protection fault issue was discovered in the nilfs btree insert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-34912 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304 Description: A general protection fault issue was discovered in the nilfs btree insert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-34855 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.165 Description: A general protection fault issue was discovered in the nilfs btree insert function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

EulerOS Virtualization 3.0.2.2 : cyrus-sasl (EulerOS-SA-2023-1250)

According to the versions of the cyrus-sasl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE...

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4483

The CVE-2022-4483 entry concerns the Insert Pages WordPress plugin prior to version 3.7.5. The root cause is that the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as contributor privileges against high‑privilege admins. A...