140 matches found
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
Code injection
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
EnterpriseDB EDB Postgres Advanced Server 安全漏洞
EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
Command injection
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
CVE-2023-0093
CVE-2023-0093 affects Okta Advanced Server Access Client versions 1.13.1–1.65.0. The root cause is a vulnerable third‑party library, webbrowser , used by the ASA client, enabling command injection . Exploitation requires the user to be phished into entering an attacker‑controlled server URL durin...
Okta Advanced Server Access Client 命令注入漏洞
Okta Advanced Server Access Client is a zero-trust identity and access management for cloud and local infrastructures from Okta USA. A security vulnerability exists in Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 that stems from the presence of a command injection vulnerabili...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
PT-2023-16008 · Okta · Okta Advanced Server Access Client
Name of the Vulnerable Software and Affected Versions: Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 Description: The issue is related to command injection due to an outdated third-party library called webbrowser. This library is used by the Okta Advanced Server Access Client...
CVE-2022-1030
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...
CVE-2022-1030
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...
Command injection
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...
CVE-2022-1030
The CVE-2022-1030 entry concerns Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0, which is vulnerable to command injection via a specially crafted URL. The root cause is a URL-based command injection that lets an attacker, who knows a valid team name for the victim ...
Okta Advanced Server Access Client 操作系统命令注入漏洞
Okta Advanced Server Access Client is a zero-trust identity and access management for cloud and local infrastructures from Okta USA. An operating system command injection vulnerability exists in Okta Advanced Server Access Client versions prior to 1.58.0 on Linux and macOS, which could allow an...
CVE-2022-24295
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL...