28 matches found
CVE-2022-50927
CVE-2022-50927 affects Cyclades Serial Console Server 3.3.0. The vulnerability is a local privilege escalation caused by overly permissive sudo privileges granted to the admin user and admin group. An attacker could exploit the default user configuration to obtain root access by manipulating syst...
CVE-2025-12422
Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2023-30625
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...
GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...
GHSA-3JMM-F6JJ-RCC3 rudder-server is vulnerable to SQL injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...
K000137875: PostgreSQL vulnerability CVE-2018-1058
Security Advisory Description A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
SQL Injection
rudder-server is vulnerable to SQL Injection. The vulnerability is due to the SaveFailedRecordIDs and getPendingStagingFileCount functions using untrusted user input in a SQL statement without using prepared queries, which may result in remote code execution because the PostgreSQL database is ru...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...
Exploit for Path Traversal in Wso2 Api_Manager
Better CVE-2022-29464 Certain WSO2 products allow unrestricte...
GHSA-RPX7-33J2-XX9X Arbitrary file deletion in NeMo ASR webapp
Description NVIDIA NeMo contains a vulnerability in ASR WebApp, where Relative Path Traversal (CWE-23) may lead to deletion of any directory through the "../" structure when admin privileges are available. CVSS Score = 2.0...
CVE-2020-9409
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a...
Design/Logic Flaw
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a...
CVE-2020-9409
The CVE-2020-9409 entry affects TIBCO JasperReports Server family (JasperReports Server, JasperReports Server for AWS Marketplace, and ActiveMatrix BPM) with versions 7.1.1 and below. The connected sources confirm a vulnerability in the administrative UI that could let an unauthenticated attacker...
PT-2020-20641 · Tibco Software · Tibco Jasperreports Server For Aws Marketplace +2
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 7.1.1 and below TIBCO JasperReports Server for AWS Marketplace versions 7.1.1 and below TIBCO JasperReports Server for ActiveMatrix BPM versions 7.1.1 and below Description: The administrative UI component ...
CVE-2018-1058
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Mitigation Upstream suggests the following mitigation can be used to...
Medium: postgresql93, postgresql94, postgresql95, postgresql96
Issue Overview: Uncontrolled search path element in pg_dump and other client applications. A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser i...
Design/Logic Flaw
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...