2292 matches found
CVE-2021-29702
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Vulnerability fixed in IBM Db2
IBM has fixed a vulnerability in Db2. A remote malicious user could potentially exploit the vulnerability to cause a denial of service. To do this, a rogue SELECT statement must be executed on the database. IBM has released updates to fix the vulnerability in Db2 11.1.4FP6 and...
IBM DB2 injection vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in Db2 that originates from an abnormal termination of the server duri...
postgresql: Partition constraint violation errors leak values of denied columns
An information leak was discovered in postgresql. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information...
Schneider Electric PowerLogic authorization issue vulnerability
Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. It provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices and operators. An authorization issue vulnerability exists in PowerLogic's PM55xx,...
SUSE: Security Advisory (SUSE-SU-2021:0543-1)
The remote host is missing an update for the...
Mozilla Firefox UI spoofing vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a UI spoofing vulnerability that originates when Firefox does not properly render oversized <select> elements, which can be exploited by remote attackers to perform spoofing attacks...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2021-1973)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : sqlite (EulerOS-SA-2021-1965)
According to the version of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL...
UBUNTU-CVE-2021-29961
When styling and rendering an oversized element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox 89...
CVE-2021-29961
When styling and rendering an oversized element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox 89...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a UI spoofing vulnerability that originates when Firefox does not properly render oversized <select> elements, which can be exploited by remote attackers to perform spoofing attacks...
PT-2022-4772 · Mariadb +9 · Mariadb +10
Name of the Vulnerable Software and Affected Versions: MariaDB versions 10.5.9 and earlier Description: The issue is related to an uncontrolled resource consumption in MariaDB. This can be exploited to cause a denial of service. The problem arises from certain long SELECT DISTINCT statements that...
CVE-2021-24287
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24287 Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue...
CVE-2021-32053
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Hardcoded credentials
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...