Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

Cross-site scripting in bootstrap-select

Overview bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later References - CVE - GitHub Advisory...

GHSA-7C82-MP33-R854 Cross-site scripting in bootstrap-select

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

Cross-site scripting in bootstrap-select

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

@0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5), @archey347/uf_blog (=0.0.0) +383 more potentially affected by CVE-2019-20921 via bootstrap-select (>=1.10.0 <=1.13.5)

bootstrap-select NPM version =1.10.0, =4.13.7-rc4, =1.31.0, =1.13.0, =1.0.9, =2.0.0, =0.1.0, =1.0.0, =2.0.0, =2.2.0, =0.0.4, =2.0.0, =2.0.31 and more Source cves: CVE-2019-20921 Source advisory: OSV:GHSA-7C82-MP33-R854...

PT-2021-2874 · Oracle · Oracle Database Server +1

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to the Database Vault component, where an easily exploitable vulnerability allows a high-privileged attacker with Create Any View, Select Any...

RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...

PYSEC-2021-10

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...

PYSEC-2021-10

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...

nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance

An update for org.ovirt.engine-root, ovirt-engine-ui-extensions, and ovirt-web-ui is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

OESA-2021-1136 hibernate3 security update

Security Fixes: A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly...

DEBIAN-CVE-2021-3393

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. A...

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

...

ALPINE-CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

Design/Logic Flaw

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...