CVE-2026-6476
SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
FreePBX Security Vulnerability
FreePBX is a set of tools from the FreePBX project that allows configuration of Asterisk, an IP telephony system, through a GUI-based web interface. Versions of FreePBX prior to 17.0.8 contained a security vulnerability. This vulnerability stemmed from the OAuth2 implementation in the API module,...
Dolibarr ERP/CRM Authenticated Code Injection
Dolibarr ERP/CRM versions prior to 17.0.1 allow remote code execution by an authenticated user who has access to the Website module...
CVE-2025-47911 affecting package vitess for versions less than 17.0.7-14
CVE-2025-47911 affecting package vitess for versions less than 17.0.7-14. A patched version of the package is available...
Medium: postgresql17
Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...
GitLab Enterprise Edition and GitLab Community Edition Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...
PT-2024-13070 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.2; iPadOS versions prior to 17.2; iOS version 16.7.3; iPadOS version 16.7.3. Description: A remote attacker may be able to cause a denial-of-service. This issue was addressed with improved checks. Recommendations: For iOS...
AZL-28656 CVE-2023-41910 affecting package lldpd for versions less than 1.0.14-3
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c...
Twitter-Post-Fetcher Security Vulnerability
Twitter-Post-Fetcher is a library by independent developer Jason Mayes for fetching your Twitter posts without using the new Twitter 1.1 API. A security vulnerability exists in Twitter-Post-Fetcher versions before 17.x. An attacker could exploit the vulnerability to cause victims to use web links from...
PT-2022-10637 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 17.0. Description: A flaw was found in WildFly, where an incorrect JBOSS-LOCAL-USER challenge location when using the Elytron configuration may lead to JBOSS-LOCAL-USER access for all users on the machine. The highest...
PT-2013-2624 · Mozilla +1 · Firefox ESR +5
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 20.0; Firefox ESR versions prior to 17.0.5; Thunderbird versions prior to 17.0.5; Thunderbird ESR versions prior to 17.0.5; SeaMonkey versions prior to 2.17. Description: The issue allows local users to gain...