
11 matches found

CVE
added 2026/05/28 8:47 p.m., 17 views

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

7.1 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/28 8:47 p.m., 14 views

CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

7.1 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 7 : bind-9.11.4-9.P2.0.1.el7.AXS7 (AXSA:2019-4292:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4292:05 advisory. bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies CVE-2018-5741 Tenable has extracted the preceding description block directly...

6.5 CVSS, 6.9 AI score, 0.03451 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2023/12/20 9:45 a.m., 3 views

postgresql: MERGE fails to enforce UPDATE or SELECT row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS, 7.3 AI score, 0.00956 EPSS
Exploits: 0, References: 6
SUSE CVE
added 2023/08/16 2:19 a.m., 5 views

SUSE CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.7 CVSS, 7.5 AI score, 0.00956 EPSS
Exploits: 0, References: 8
OSV
added 2023/08/11 1:15 p.m., 3 views

DEBIAN-CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS, 6.2 AI score, 0.00956 EPSS
Exploits: 0, References: 1
Microsoft KB
added 2022/10/11 12:0 a.m., 9 views

October 11, 2022 Security update (KB5018415)

None None...

5.8 AI score
Exploits: 0
RedHat Linux
added 2019/08/06 2:1 p.m., 31 views

bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...

6.5 CVSS, 7.1 AI score, 0.03451 EPSS
Exploits: 0, References: 5
Cvelist
added 2019/01/16 8:0 p.m., 20 views

CVE-2018-5741 Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...

6.5 CVSS, 6.6 AI score, 0.03451 EPSS
Exploits: 0, References: 9
ThreatPost
added 2013/08/09 2:19 p.m., 15 views

BYOD Gives Vulnerable Devices Corporate Network Access

Policies allowing employees to bring their own devices to work (BYOD) have the unintended consequence of increasing the total number of vulnerable devices connecting to corporate networks and accessing corporate data, a report released today by Rapid7 said. While the general consensus says that BY...

1.3 AI score
Exploits: 0, References: 1
UbuntuCve
added 2013/04/17 5:55 p.m., 22 views

CVE-2013-2395

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567...

6.8 CVSS, 7.1 AI score, 0.02552 EPSS
Exploits: 0, References: 2