Lucene search
+L

70 matches found

OSV
OSV
added 2023/02/17 5:15 p.m.3 views

CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671...

7.5CVSS5.5AI score0.00641EPSS
Exploits0References2
Prion
Prion
added 2023/02/17 5:15 p.m.17 views

Information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671...

5CVSS7.2AI score0.00641EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/17 4:51 p.m.18 views

CVE-2022-43927 IBM Db2 for Linux, UNIX and Windows information disclosure

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671...

5.9CVSS7.5AI score0.00641EPSS
Exploits0References2
OSV
OSV
added 2022/12/25 5:15 a.m.4 views

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

6.5CVSS5.9AI score0.00747EPSS
Exploits3References1
NVD
NVD
added 2022/06/09 5:15 p.m.20 views

CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

6.9CVSS0.00379EPSS
Exploits0References8
Cvelist
Cvelist
added 2021/01/12 2:40 p.m.37 views

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

6.5CVSS6.8AI score0.01895EPSS
Exploits2References4
OSV
OSV
added 2020/11/26 5:15 p.m.2 views

UBUNTU-CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

4.3CVSS5.8AI score0.00685EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/11/12 8:37 a.m.27 views

CVE-2019-18425

A flaw was in Xen. Guest specified limits for descriptor table access, during PV guest operations, were found to not be enforced. An attacker with the ability to emulate 32-bit guest user mode calls through call gates, would be allowed to install and then use descriptors of their choice as long a...

9.8CVSS1.7AI score0.02546EPSS
Exploits0References4
OSV
OSV
added 2018/11/21 10:23 p.m.26 views

GHSA-83R3-C79W-F6WC High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...

8.3CVSS7.2AI score0.06119EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2018/11/21 10:23 p.m.42 views

High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...

8.3CVSS8AI score0.06119EPSS
Exploits0References6Affected Software3
CNVD
CNVD
added 2018/10/26 12:0 a.m.5 views

Apache Impala Privilege Acquisition Vulnerability

Apache Impala is the United States Apache Apache Software Foundation of a large-scale, distributed parallel processing database query system. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabyte of big data. A...

9.8CVSS9.6AI score0.02456EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.28 views

CVE-2016-10420

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, a...

6.1AI score0.00527EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/05/12 7:0 p.m.31 views

CVE-2017-7484

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged...

7.4AI score0.0256EPSS
Exploits0References10
Prion
Prion
added 2016/01/29 8:59 p.m.25 views

Authorization

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...

7.5CVSS7AI score0.06119EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2014/11/24 12:0 a.m.29 views

phpyun csrf修改用户密码

简要描述: phpyun csrf修改用户密码 详细说明: 更新用户信息的请求没有防御csrf。可以修改用户的邮箱。而重置密码功能是选择用户信息中的邮箱发送找回验证码。结合利用。 修改用户信息的请求为:...

7.1AI score
Exploits0
NVD
NVD
added 2011/05/03 8:55 p.m.21 views

CVE-2011-1847

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third...

4.9CVSS6.1AI score0.01965EPSS
Exploits0References9
Prion
Prion
added 2011/05/03 8:55 p.m.20 views

Information disclosure

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third...

4.9CVSS6.5AI score0.01965EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2011/05/03 8:0 p.m.69 views

CVE-2011-1847

CVE-2011-1847 affects IBM DB2 9.5 prior to FP7 and 9.7 prior to FP4 on Linux/Unix/Windows. The issue stems from the Relational Data Services component failing to enforce privilege requirements for table access, allowing remote authenticated users to update SYSSTAT.TABLES statistics columns via UP...

4.9CVSS8.8AI score0.01965EPSS
Exploits0References9Affected Software1
rdot
rdot
added 2011/02/04 12:0 a.m.143 views

LKM rootkit в современных Linux

В этой статье мы научимся собирать LKM-rootkit под современные ядра Linux, не смотря на то, что многие пишут, что это неактуально. Попробую опровергнуть это. В данной статье использованны вещи, доступные в паблике и некоторые мои наработки. Руткиты подразделяют на ядерные уровня ядра и неядерные...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/11/19 12:0 a.m.33 views

chCounter 3.1.3 SQL Injection

!/usr/bin/python Exploit Title: chCounter = 3.1.3 SQLInjection Date: 2010/11/18 Author: Matias [email protected]. Software Link: http://chcounter.org/chCounter3/getfile.php?id=5 Version: 3.1.3 Tested on: Ubuntu Server 10.04 with apache Requirements: - Downloads must be...

0.3AI score
Exploits0
Rows per page
Query Builder