Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-32028: 1956877 – (CVE-2021-32028) CVE-2021-32028 postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

A flaw was found in postgresql. Using an INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE

Related news

CVE-2021-32029: PostgreSQL: CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE-2021-35202: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

CVE-2021-35199: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

CVE-2021-35203: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

CVE-2021-35205: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

CVE-2021-35204: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

CVE-2021-35198: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

CVE-2021-35200: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

CVE-2020-12082: CVE-2020-12082 Remediated in Code Insight

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2020-12083: CVE-2020-12083 Remediated in Code Insight

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2021-25454: Samsung Mobile Security

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

CVE-2021-25456: Samsung Mobile Security

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

CVE-2021-25455: Samsung Mobile Security

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

CVE-2021-40085: OSSA-2021-005: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts — OpenStack Security Advisories 0.0.1.dev244 documentation

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

CVE-2021-37605:

In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.

CVE-2020-18169: CVE_Assessment_04_2019/Snagit_Report.pdf at master · GitHubAssessments/CVE_Assessment_04_2019

** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.

CVE-2017-3085: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2017-3080: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907