
485 matches found

BDU FSTEC
added 2023/05/31 12:0 a.m. · 1 views

The vulnerability of the aiven-extras extension of the PostgreSQL database management system allows a hacker to gain superuser privileges, execute arbitrary code, and disclose sensitive information.

The vulnerability of the aiven-extras extension in the PostgreSQL database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain superuser privileges, execute arbitrary code, and disclose sensitive information...

8.8 CVSS · 7.4 AI score · 0.01325 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2023/05/12 7:15 p.m. · 10 views

CVE-2023-32305

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...

8.8 CVSS · 9.1 AI score · 0.01325 EPSS
Exploits 0 · References 3

CVE
added 2023/05/12 6:46 p.m. · 58 views

CVE-2023-32305

CVE-2023-32305 affects the PostgreSQL extension aiven-extras. The root cause is missing schema qualifiers on privileged functions called by the extension, allowing a low-privilege user to create objects that collide with existing function names and have them executed, enabling escalation to the ...

8.8 CVSS · 9.1 AI score · 0.01325 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/05/12 6:46 p.m. · 17 views

CVE-2023-32305 aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...

8.8 CVSS · 9.2 AI score · 0.01325 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/05/12 12:0 a.m. · 6 views

PT-2023-2939 · Aiven · Aiven-Extras

Name of the Vulnerable Software and Affected Versions: aiven-extras versions prior to 1.1.9 Description: The issue is related to a privilege escalation vulnerability in the aiven-extras PostgreSQL extension. It allows a low-privileged user to elevate to superuser inside PostgreSQL databases that...

8.8 CVSS · 8 AI score · 0.01325 EPSS
Exploits 0 · References 10

CNNVD
added 2023/05/12 12:0 a.m. · 3 views

aiven-extras security vulnerability

aiven-extras is a tool that enables non-super users to access certain database functions. A security vulnerability exists in aiven-extras versions prior to 1.1.9, which contains an elevation of privilege vulnerability that can be exploited by an attacker to gain superuser privileges, allowing...

8.8 CVSS · 7.9 AI score · 0.01325 EPSS
Exploits 0 · References 4

Amazon
added 2023/04/05 12:0 a.m. · 1 views

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

6.3 CVSS · 6.8 AI score · 0.00039 EPSS
Exploits 1

Amazon
added 2023/03/06 12:0 a.m. · 33 views

Important: xorg-x11-server

Issue Overview: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems...

8.8 CVSS · 8.2 AI score · 0.01237 EPSS
Exploits 0

SUSE CVE
added 2023/02/15 5:25 a.m. · 2 views

SUSE CVE-2014-8600

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...

4.3 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 2 · References 3

Snyk
added 2022/11/03 10:15 a.m. · 1 views

Denial of Service (DoS)

Overview: apple/swift-nio-extras is useful code around SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). When using the .size decompression limit, request & response decompression checks the size of compressed instead of decompressed bytes. Details: Denial of...

7.5 CVSS · 7 AI score · 0.00334 EPSS
Exploits 0 · References 2

Snyk
added 2022/11/02 2:24 p.m. · 2 views

Unchecked Input for Loop Condition

Overview: apple/swift-nio-extras is useful code around SwiftNIO. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects...

7.5 CVSS · 7.1 AI score · 0.00334 EPSS
Exploits 0 · References 2

Prion
added 2022/10/19 6:15 p.m. · 19 views

Design/Logic Flaw

The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file...

5 CVSS · 7 AI score · 0.00244 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/10/19 12:0 a.m. · 8 views

CVE-2013-4253

The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file...

7.5 AI score · 0.00244 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/19 12:0 a.m. · 1 views

Red Hat OpenShift security vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that enables building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift, which stems from unsupported "OpenShift Extras" that install a default public key...

7.5 CVSS · 7.7 AI score · 0.00244 EPSS
Exploits 0 · References 3

Veracode
added 2022/09/22 7:10 a.m. · 15 views

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service. The vulnerability exists because complete HTTP body decompression is not properly detected and the code repeatedly attempts to decompress the data appended to the HTTP message causing an infinite loop which leads to an...

7.5 CVSS · 7.3 AI score · 0.00334 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/09/21 7:15 p.m. · 23 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was...

7.5 CVSS · 7 AI score
Exploits 0 · References 1

Cvelist
added 2022/09/21 6:45 p.m. · 17 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was...

7.7 AI score · 0.00334 EPSS
Exploits 0 · References 1

CVE
added 2022/09/21 6:45 p.m. · 61 views

CVE-2022-3252

CVE-2022-3252 affects Apple SwiftNIO Extras. The issue arises in the transparent HTTP body decompression helpers, specifically HTTPRequestDecompressor and HTTPResponseDecompressor, which fail to detect when the decompressed body is complete. Attacks can append trailing junk data to a compressed H...

7.5 CVSS · 7.5 AI score · 0.00334 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/09/21 12:0 a.m. · 3 views

PT-2022-21351 · Unknown · Swiftnio Extras

Name of the Vulnerable Software and Affected Versions: SwiftNIO Extras affected versions not specified Description: The issue is related to improper detection of complete HTTP body decompression in SwiftNIO Extras. This can lead to an infinite loop and denial-of-service when trailing junk data is...

7.5 CVSS · 7.2 AI score · 0.00334 EPSS
Exploits 0 · References 9

CNNVD
added 2022/09/21 12:0 a.m. · 1 views

Apple SwiftNIO Extras security vulnerability

Apple SwiftNIO Extras is an extension for the SwiftNIO web application framework from Apple Inc. A security vulnerability exists in Apple SwiftNIO Extras, which stems from the fact that if garbage data is appended to the body of an HTTP message, the code will repeatedly attempt to decompress this...

7.5 CVSS · 7.4 AI score · 0.00334 EPSS
Exploits 0 · References 2