Day: Haziran 9, 2023

CVE-2023-2455

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used…

Devamını oku

CVE-2023-2454

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute…

Devamını oku

CVE-2023-2121

Vault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is…

Devamını oku

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function…

Devamını oku

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up…

Devamını oku

CVE-2023-1428

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC’s C++ implementation to abort() when called via http2:…

Devamını oku