22 matches found
EUVD-1999-0343
Malware in sbrugna...
EUVD-2023-28592
Malicious code in bioql PyPI...
SUSE-SU-2025:03005-2 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
postgresql: PostgreSQL executes arbitrary code in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pgdump, pgdumpall, pgrestore, and pgupgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...
postgresql: PostgreSQL code execution in restore operation
A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...
Security update for postgresql17
This update for postgresql17 fixes the following issues: Updated to 17.6: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120 CVE-2025-8714: Fixed untrusted data inclusion in pgdump allows superuser of origin server to execute...
SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:02981-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02981-1 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table...
CVE-2023-24576
EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service nsrexecd irrespective of any auth used...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
CVE-2021-31703
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...
CVE-2021-31899
In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode...
DLL Hijacking Vulnerability in NetEase UU Accelerator of Guangzhou NetEase Computer System Co.
NetEase UU Accelerator is an online game gas pedal product. Guangzhou NetEase Computer Systems Co., Ltd. Netease UU Accelerator DLL hijacking vulnerability, an attacker can exploit the vulnerability in the client process to inject executable DLL file, to perform arbitrary functions...
libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...
libssh2: Integer overflow in transport read resulting in out of bounds write
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...