select-if.de Cross Site Scripting vulnerability OBB-1338944

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

select-if.de Cross Site Scripting vulnerability OBB-1335669

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

GHSA-9R7H-6639-V5MW Cross-Site Scripting in bootstrap-select

Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later...

@0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5), @archey347/uf_blog (=0.0.0) +383 more potentially affected by CVE-2019-20921 via bootstrap-select (>=1.10.0 <=1.13.5)

bootstrap-select NPM version =1.10.0, =4.13.7-rc4, =1.31.0, =1.13.0, =1.0.9, =2.0.0, =0.1.0, =1.0.0, =2.0.0, =2.2.0, =0.0.4, =2.0.0, =2.0.31 and more Source cves: CVE-2019-20921 Source advisory: OSV:GHSA-9R7H-6639-V5MW...

Cross-Site Scripting in bootstrap-select

Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later...

PT-2020-10876 · Twitter · Bootstrap-Select

Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6 Description: The issue allows Cross-Site Scripting XSS due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...

USN-4488-1 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14346 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

Security Bulletin: IBM InfoSphere BigInsights contains a denial of service vulnerability that can be exploited by a remote, authenticated DB2 user issuing a specially-crafted SELECT statement with ROUND or TRUNCATE function (CVE-2015-0157).

Summary InfoSphere BigInsights Big SQL contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with ROUND or TRUNCATE function. The vulnerability exists in the IBM DB2 component included in...

CVE-2019-14900

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access...

glpi -- SQL Injection in Search API

MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or databa...

PT-2020-1264 · Sqlite +9 · Sqlite +9

Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.32.3 Description: The issue is related to a heap overflow in SQLite due to the misuse of transitive properties for constant propagation, which can lead to local information disclosure. This is caused by a missing...