Lucene search
K

5 matches found

Snyk
Snyk
added 2026/04/10 3:33 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

5.3CVSS5.8AI score0.00272EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 3:33 p.m.2 views

GHSA-HJ5C-MHH2-G7JQ Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

Summary The hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. Details The access contr...

4.3CVSS5.9AI score0.00272EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.4 views

PT-2023-26944 · Resort Data Processing +1 · Irm Next Generation +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The RDPData.dll file exposes the "/irmdata/api/common" endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obta...

9.1CVSS9.3AI score0.00468EPSS
Exploits0References7
OSV
OSV
added 2020/09/11 5:15 a.m.2 views

UBUNTU-CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

6.5CVSS6.3AI score0.02787EPSS
Exploits0References4
OSV
OSV
added 2020/09/11 5:15 a.m.1 views

UBUNTU-CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...

6.5CVSS6.4AI score0.02686EPSS
Exploits0References4
Rows per page
Query Builder