7830 matches found

OSV
added 2024/11/14 1:15 p.m. · 13 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.1 · EPSS 0.04422
Exploits: 1 · References: 4
OSV
added 2024/11/14 1:15 p.m. · 4 views

AZL-53212 CVE-2024-10979 affecting package postgresql for versions less than 16.5-1

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.6 · EPSS 0.04422
Exploits: 1 · References: 1
OSV
added 2024/11/14 1:15 p.m. · 8 views

AZL-53198 CVE-2024-10979 affecting package postgresql for versions less than 14.14-1

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.6 · EPSS 0.04422
Exploits: 1 · References: 1
OSV
added 2024/11/14 1:15 p.m. · 3 views

ALPINE-CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.4 · EPSS 0.04422
Exploits: 1 · References: 1
OSV
added 2024/11/14 1:15 p.m. · 2 views

DEBIAN-CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 8.4 · EPSS 0.04422
Exploits: 1 · References: 1
OSV
added 2024/11/14 1:15 p.m. · 0 views

UBUNTU-CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits: 1 · References: 5
Debian CVE
added 2024/11/14 1:0 p.m. · 9 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 8.4 · EPSS 0.04422
Exploits: 1
CVE
added 2024/11/14 1:0 p.m. · 535 views

CVE-2024-10979

CVE-2024-10979 affects PostgreSQL PL/Perl: incorrect control of environment variables (e.g., PATH) by an unprivileged database user can enable arbitrary code execution. Affected PostgreSQL versions include pre-17.1, pre-16.5, pre-15.9, pre-14.14, pre-13.17, and pre-12.21. Remediation is via vendo...

CVSS 8.8 · AI score 8.8 · EPSS 0.04422
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2024/11/14 1:0 p.m. · 61 views

CVE-2024-10979 PostgreSQL PL/Perl environment variable changes execute arbitrary code

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · EPSS 0.04422
Exploits: 1 · References: 1
Vulnrichment
added 2024/11/14 1:0 p.m. · 15 views

CVE-2024-10979 PostgreSQL PL/Perl environment variable changes execute arbitrary code

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits: 1 · References: 1
AlpineLinux
added 2024/11/14 1:0 p.m. · 30 views

CVE-2024-10979

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...

CVSS 8.8 · AI score 9.1 · EPSS 0.04422
Exploits: 1
Positive Technologies
added 2024/11/14 12:0 a.m. · 5 views

PT-2024-28644 · Insyde · Insyde Ihisi

Name of the Vulnerable Software and Affected Versions: Insyde IHISI versions prior to kernel 5.2 version 05.29.19; Insyde IHISI versions prior to kernel 5.3 version 05.38.19; Insyde IHISI versions prior to kernel 5.4 version 05.46.19; Insyde IHISI versions prior to kernel 5.5 version 05.54.19; Insyde...

CVSS 5.3 · AI score 7.4 · EPSS 0.00168
Exploits: 0 · References: 6
CNNVD
added 2024/11/14 12:0 a.m. · 4 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...

CVSS 5.3 · AI score 6.6 · EPSS 0.00168
Exploits: 0 · References: 1
CVE
added 2024/11/14 12:0 a.m. · 46 views

CVE-2024-39707

Insyde IHISI function 0x49 can restore the factory defaults of certain UEFI variables without authentication, enabling a potential roll-back attack on specific platforms. Affected stack: Insyde IHISI (on affected platforms) with kernel versions prior to 5.2/05.29.19, prior to 5.3/05.38.19, prior ...

CVSS 5.3 · AI score 7.1 · EPSS 0.00168
Exploits: 0 · References: 1
CNNVD
added 2024/11/14 12:0 a.m. · 3 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL that stems from incorre...

CVSS 8.8 · AI score 8.3 · EPSS 0.04422
Exploits: 1 · References: 2
PostgreSQL
added 2024/11/14 12:0 a.m. · 103 views

Vulnerability in core server (CVE-2024-10979)

PostgreSQL PL/Perl environment variable changes execute arbitrary code Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if...

CVSS 8.8 · AI score 7.6 · EPSS 0.04422
Exploits: 1 · References: 1 · Affected Software: 1
FreeBSD
added 2024/11/14 12:0 a.m. · 13 views

PostgreSQL -- PL/Perl environment variable changes execute arbitrary code

PostgreSQL project reports: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server...

CVSS 8.8 · AI score 7.3 · EPSS 0.04422
Exploits: 1 · References: 1
Tenable Nessus
added 2024/11/13 12:0 a.m. · 7 views

FreeBSD : FreeBSD -- Certificate revocation list fetch(1) option fails (ce0f52e1-a174-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ce0f52e1-a174-11ef-9a62-002590c1f29c advisory. The fetch(3) library uses environment variables for passing certain information, including the revocation...

CVSS 7.5 · AI score 5.6 · EPSS 0.00273
Exploits: 0 · References: 2
NVD
added 2024/11/12 3:15 p.m. · 16 views

CVE-2024-45289

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

CVSS 7.5 · EPSS 0.00273
Exploits: 0 · References: 2
Cvelist
added 2024/11/12 3:6 p.m. · 16 views

CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer

The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...

EPSS 0.00273
Exploits: 0 · References: 1