Lucene search
K

6043 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/14 12:0 a.m.50 views

PostgreSQL 9.3.x < 9.3.25 / 9.4.x < 9.4.20 / 9.5.x < 9.5.15 / 9.6.x < 9.6.11 / 10.x < 10.6 / 11.x < 11.1 SQL injection

The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.25, 9.4.x prior to 9.4.20, 9.5.x prior to 9.5.15, 9.6.x prior to 9.6.11, 10.x prior to 10.6, or 11.x prior to 11.1. It is, therefore, affected by following vulnerability: - An SQL injection SQLi vulnerability exists in...

9.8CVSS8.3AI score0.0515EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/11/13 5:54 p.m.1 views

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2018/11/13 5:54 p.m.4 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...

5.5CVSS6.7AI score0.03228EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2018/11/13 5:52 p.m.5 views

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2018/11/13 4:36 p.m.3 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...

5.5CVSS6.7AI score0.03228EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2018/11/13 4:31 p.m.3 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...

5.5CVSS6.7AI score0.03228EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2018/11/13 4:31 p.m.5 views

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

7.8CVSS7.1AI score0.14806EPSS
Exploits6References7
NVD
NVD
added 2018/11/13 3:29 p.m.17 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8CVSS9.1AI score0.0515EPSS
Exploits0References7
Prion
Prion
added 2018/11/13 3:29 p.m.28 views

Sql injection

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

7.5CVSS9.6AI score0.0515EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2018/11/13 3:29 p.m.28 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8CVSS6.1AI score0.0515EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2018/11/13 3:0 p.m.42 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8CVSS9.8AI score0.0515EPSS
Exploits0
CVE
CVE
added 2018/11/13 3:0 p.m.298 views

CVE-2018-16850

CVE-2018-16850 affects PostgreSQL before versions 11.1 and 10.6, vulnerable to an SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. A specially crafted trigger definition can allow an attacker to execute arbitrary SQL statements with superuser privileges. The vulnerabili...

9.8CVSS9.5AI score0.0515EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2018/11/13 3:0 p.m.24 views

CVE-2018-16850

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

8CVSS9.6AI score0.0515EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2018/11/13 3:0 p.m.23 views

CVE-2018-16850

Removed by vendor...

9.8CVSS8AI score0.0515EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/09 12:0 a.m.37 views

FreeBSD : PostgreSQL -- SQL injection in pg_upgrade and pg_dump (1c27a706-e3aa-11e8-b77a-6cc21735f730)

The PostgreSQL project reports : CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during ...

9.8CVSS7.9AI score0.0515EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2018/11/08 12:0 a.m.613 views

PostgreSQL -- SQL injection in pg_upgrade and pg_dump

The PostgreSQL project reports: CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during a...

9.8CVSS2.9AI score0.0515EPSS
Exploits0References1
PostrgeSql
PostrgeSql
added 2018/11/08 12:0 a.m.554 views

Vulnerability in core server (CVE-2018-16850)

SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING...

9.8CVSS9.1AI score0.0515EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2018/11/05 2:57 p.m.6 views

glusterfs: "features/index" translator can create arbitrary, empty files

A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GFXATTROPENTRYINKEY and GFXATTROPENTRYOUTKEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node...

8.5CVSS7.4AI score0.0263EPSS
Exploits0References4
OSV
OSV
added 2018/10/31 10:29 p.m.1 views

DEBIAN-CVE-2018-14651

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

8.8CVSS8.8AI score0.03225EPSS
Exploits0References1
OSV
OSV
added 2018/10/31 7:29 p.m.1 views

UBUNTU-CVE-2018-14654

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...

6.5CVSS6.8AI score0.0263EPSS
Exploits0References6
Rows per page
Query Builder