140 matches found

NVD
added 2023/04/23 8:15 p.m. · 13 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 7.5 · AI score 7.5 · EPSS 0.0043
Exploits: 0 · References: 5

Prion
added 2023/04/23 8:15 p.m. · 21 views

Code injection

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 5 · AI score 7.5 · EPSS 0.0043
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/04/23 12:0 a.m. · 6 views

PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...

CVSS 7.5 · AI score 7.4 · EPSS 0.0043
Exploits: 0 · References: 9

Cvelist
added 2023/04/23 12:0 a.m. · 15 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

AI score 7.7 · EPSS 0.0043
Exploits: 0 · References: 5

CNNVD
added 2023/04/23 12:0 a.m. · 4 views

EnterpriseDB EDB Postgres Advanced Server security vulnerability

EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unredacted password being logged when the optional parameter is used...

CVSS 7.5 · AI score 7.3 · EPSS 0.0043
Exploits: 0 · References: 6

Imperva Blog
added 2023/03/08 11:35 p.m. · 18 views

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...

AI score 1.1
Exploits: 0

OSV
added 2023/03/06 9:15 p.m. · 3 views

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVSS 8.8 · AI score 7.2 · EPSS 0.01097
Exploits: 0 · References: 1

NVD
added 2023/03/06 9:15 p.m. · 22 views

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVSS 8.8 · AI score 9.1 · EPSS 0.01097
Exploits: 0 · References: 1

Prion
added 2023/03/06 9:15 p.m. · 21 views

Command injection

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

CVSS 6.8 · AI score 9.1 · EPSS 0.01097
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/03/06 12:0 a.m. · 60 views

CVE-2023-0093

CVE-2023-0093 affects Okta Advanced Server Access Client versions 1.13.1–1.65.0. The root cause is a vulnerable third‑party library, webbrowser, used by the ASA client, enabling command injection. Exploitation requires the user to be phished into entering an attacker‑controlled server URL durin...

CVSS 8.8 · AI score 9 · EPSS 0.01097
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/03/06 12:0 a.m. · 4 views

Okta Advanced Server Access Client command injection vulnerability

Okta Advanced Server Access Client is a zero-trust identity and access management for cloud and local infrastructures from Okta USA. A security vulnerability exists in Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 that stems from the presence of a command injection vulnerabili...

CVSS 8.8 · AI score 7.9 · EPSS 0.01097
Exploits: 0 · References: 2

Cvelist
added 2023/03/06 12:0 a.m. · 27 views

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

AI score 9.3 · EPSS 0.01097
Exploits: 0 · References: 1

Vulnrichment
added 2023/03/06 12:0 a.m. · 8 views

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

AI score 7.9 · EPSS 0.01097
Exploits: 0 · References: 1

Positive Technologies
added 2023/03/06 12:0 a.m. · 5 views

PT-2023-16008 · Okta · Okta Advanced Server Access Client

Name of the Vulnerable Software and Affected Versions: Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 Description: The issue is related to command injection due to an outdated third-party library called webbrowser. This library is used by the Okta Advanced Server Access Client...

CVSS 8.8 · AI score 8.7 · EPSS 0.01097
Exploits: 0 · References: 4

NVD
added 2022/03/23 8:15 p.m. · 15 views

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...

CVSS 9.3 · EPSS 0.01466
Exploits: 0 · References: 1

ATTACKERKB
added 2022/03/23 8:15 p.m. · 4 views

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...

CVSS 9.3 · AI score 7.7 · EPSS 0.01466
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2022/03/23 8:15 p.m. · 18 views

Command injection

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...

CVSS 9.3 · AI score 8.6 · EPSS 0.01466
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/03/23 7:46 p.m. · 80 views

CVE-2022-1030

The CVE-2022-1030 entry concerns Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0, which is vulnerable to command injection via a specially crafted URL. The root cause is a URL-based command injection that lets an attacker, who knows a valid team name for the victim ...

CVSS 9.3 · AI score 8.7 · EPSS 0.01466
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/03/23 12:0 a.m. · 3 views

Okta Advanced Server Access Client operating system command injection vulnerability

Okta Advanced Server Access Client is a zero-trust identity and access management for cloud and local infrastructures from Okta USA. An operating system command injection vulnerability exists in Okta Advanced Server Access Client versions prior to 1.58.0 on Linux and macOS, which could allow an...

CVSS 9.3 · AI score 8.1 · EPSS 0.01466
Exploits: 0 · References: 2

OSV
added 2022/02/21 6:15 p.m. · 6 views

CVE-2022-24295

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL...

CVSS 8.8 · AI score 7.2 · EPSS 0.17855
Exploits: 0 · References: 1