2292 matches found

RedHat Linux
added 2021/03/23 2:42 p.m. · 1 views

nodejs-angular: XSS due to regex-based HTML replacement

An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4 · AI score 7.1 · EPSS 0.00563
Exploits: 0 · References: 5

AlpineLinux
added 2021/03/23 12:0 a.m. · 41 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVSS 5.5 · AI score 6.1 · EPSS 0.00771
Exploits: 0

CVE
added 2021/03/23 12:0 a.m. · 163 views

CVE-2021-20227

CVE-2021-20227 : SQLite contains a flaw in the SELECT implementation (src/select.c) that can trigger a use-after-free when an attacker can run SQL locally. This may lead to a denial of service and, in some cases, possible code execution. The Astra Linux security bulletin mirrors this SQLite issue...

CVSS 5.5 · AI score 5.9 · EPSS 0.00771
Exploits: 0 · References: 8 · Affected Software: 1

Exploit DB
added 2021/03/23 12:0 a.m. · 427 views

MyBB 1.8.25 - Poll Vote Count SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection
Exploit Author: SivertPL
Date: 20.03.2021
Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

CVSS 8.8 · AI score 7.5 · EPSS 0.00122
Exploits: 5

Cvelist
added 2021/03/23 12:0 a.m. · 22 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

AI score 6.4 · EPSS 0.00771
Exploits: 0 · References: 8

Debian CVE
added 2021/03/23 12:0 a.m. · 33 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVSS 5.5 · AI score 6.9 · EPSS 0.00771
Exploits: 0

OSV
added 2021/03/12 1:25 a.m. · 6 views

MGASA-2021-0121 Updated postgresql packages fix security vulnerabilities

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message CVE-2021-3393. A user having a SELECT privilege on an individual column can craft a special query that returns all columns of...

CVSS 4.3 · AI score 5.8 · EPSS 0.00109
Exploits: 2 · References: 3

OSV
added 2021/02/23 6:15 p.m. · 1 views

DEBIAN-CVE-2021-20229

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...

CVSS 4.3 · AI score 6.2 · EPSS 0.00086
Exploits: 0 · References: 1

OSV
added 2021/02/23 6:15 p.m. · 1 views

ALPINE-CVE-2021-20229

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...

CVSS 4.3 · AI score 6.6 · EPSS 0.00086
Exploits: 0 · References: 1

Prion
added 2021/02/23 6:15 p.m. · 23 views

Design/Logic Flaw

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality...

CVSS 4 · AI score 4.1 · EPSS 0.00086
Exploits: 0 · References: 3 · Affected Software: 3

Tenable Nessus
added 2021/02/23 12:0 a.m. · 29 views

SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:0543-1)

This update for postgresql13 fixes the following issues : Upgrade to version 13.2 : - Updating stored views and reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. - CVE-2021-20229, bsc1182039: Fix...

CVSS 4.3 · AI score 5.6 · EPSS 0.00109
Exploits: 2 · References: 8

Tenable Nessus
added 2021/02/23 12:0 a.m. · 27 views

SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:0545-1)

This update for postgresql13 fixes the following issues : Upgrade to version 13.2 : Updating stored views and reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. CVE-2021-20229, bsc1182039: Fix failure t...

CVSS 4.3 · AI score 5.6 · EPSS 0.00109
Exploits: 2 · References: 7

CNNVD
added 2021/02/15 12:0 a.m. · 3 views

OpenEMR SQL injection vulnerability

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A SQL injection vulnerability exists in interface/main/finder/patientselect.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...

CVSS 7.2 · AI score 7.4 · EPSS 0.00057
Exploits: 1 · References: 5

OSV
added 2021/02/12 12:0 a.m. · 0 views

UBUNTU-CVE-2021-3393

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. A...

CVSS 4.3 · AI score 6.4 · EPSS 0.00109
Exploits: 2 · References: 4

Kaspersky
added 2021/02/11 12:0 a.m. · 33 views

KLA12088 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A security bypass vulnerability in SELECT privilege can be exploited to bypass securi...

CVSS 4.3 · AI score 5.9 · EPSS 0.00109
Exploits: 2 · References: 3

Microsoft CVE
added 2021/02/11 12:0 a.m. · 2 views

In SQLite before 3.32.3 select.c mishandles query-flattener optimization leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

...

CVSS 5.5 · AI score 7 · EPSS 0.00076
Exploits: 1

Positive Technologies
added 2021/02/10 12:0 a.m. · 3 views

PT-2021-2222 · Unknown +3 · Postgresql +2

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.2 PostgreSQL versions prior to 12.6 PostgreSQL versions prior to 11.11 PostgreSQL versions prior to 10.16 PostgreSQL versions prior to 9.6.21 PostgreSQL versions prior to 9.5.25 Description: A flaw was found in...

CVSS 8.8 · AI score 6.4 · EPSS 0.23757
Exploits: 2 · References: 58

Positive Technologies
added 2021/02/10 12:0 a.m. · 2 views

PT-2021-1982 · Unknown +10 · Postgresql +9

Name of the Vulnerable Software and Affected Versions: postgresql versions prior to 13.2 postgresql versions prior to 12.6 postgresql versions prior to 11.11 Description: An information leak was discovered in postgresql. A user with UPDATE permission but not SELECT permission to a particular colu...

CVSS 9.8 · AI score 6 · EPSS 0.23757
Exploits: 3 · References: 134

UbuntuCve
added 2021/02/05 12:0 a.m. · 47 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVSS 5.5 · AI score 6.8 · EPSS 0.00771
Exploits: 0 · References: 2

RedhatCVE
added 2021/02/04 3:22 p.m. · 25 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

CVSS 6.1 · AI score 1.5 · EPSS 0.00771
Exploits: 0 · References: 4