11 matches found
CVE-2026-45342
LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...
CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
MiracleLinux 7 : bind-9.11.4-9.P2.0.1.el7.AXS7 (AXSA:2019-4292:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4292:05 advisory. bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies CVE-2018-5741 Tenable has extracted the preceding description block directly...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
SUSE CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
DEBIAN-CVE-2023-39418
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
October 11, 2022 Security update (KB5018415)
bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
CVE-2018-5741 Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
BYOD Gives Vulnerable Devices Corporate Network Access
Policies allowing employees to bring their own devices to work (BYOD) have the unintended consequence of increasing the total number of vulnerable devices connecting to corporate networks and accessing corporate data, a report released today by Rapid7 said. While the general consensus says that BY...
CVE-2013-2395
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567...