1449 matches found
Code injection
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
PHP file inclusion via insert tags
Date : 2021-08-11 CVE ID : CVE-2021-37626 Description It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.55 Contao...
CVE-2021-38152
index.php/appointment/insertpatientaddappointment in Chikitsa Patient Management System 2.0.0 allows XSS...
OPENSUSE-SU-2021:1785-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. -...
Security update for postgresql12 (moderate)
openSUSE Security Update: Security update for postgresql12 Announcement ID: openSUSE-SU-2021:1994-1 Rating: moderate References: 1179945 1183118 1183168 1185924 1185925 1185926 Cross-References: CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVSS scores: CVE-2021-32027 NVD : 8.8...
SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2021:1970-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1970-1 advisory. - A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying...
SUSE: Security Advisory (SUSE-SU-2021:1970-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
Oracle Linux 8 : postgresql:9.6 (ELSA-2021-2360)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2360 advisory. 9.6.22-1 - Rebase to 9.6.22 Resolves: 1964516 Fix: CVE-2021-32027, CVE-2021-32028 Tenable has extracted the preceding description block directly from t...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...
postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...