Vulnerabilities (CVE)

Filtered by CWE-183
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25696 2 Debian, Postgresql 2 Debian Linux, Postgresql 2024-11-21 7.6 HIGH 7.5 HIGH
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2023-7250 2024-11-12 N/A 5.3 MEDIUM
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
CVE-2024-47565 1 Siemens 1 Sinec Security Monitor 2024-10-11 N/A 4.3 MEDIUM
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application.
CVE-2024-38522 1 Hushline 1 Hush Line 2024-09-17 N/A 6.3 MEDIUM
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
CVE-2024-1654 2024-03-14 N/A 7.2 HIGH
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.