6043 matches found
PostgreSQL 9.3.x < 9.3.25 / 9.4.x < 9.4.20 / 9.5.x < 9.5.15 / 9.6.x < 9.6.11 / 10.x < 10.6 / 11.x < 11.1 SQL injection
The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.25, 9.4.x prior to 9.4.20, 9.5.x prior to 9.5.15, 9.6.x prior to 9.6.11, 10.x prior to 10.6, or 11.x prior to 11.1. It is, therefore, affected by following vulnerability: - An SQL injection SQLi vulnerability exists in...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
Sql injection
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
CVE-2018-16850 affects PostgreSQL before versions 11.1 and 10.6, vulnerable to an SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. A specially crafted trigger definition can allow an attacker to execute arbitrary SQL statements with superuser privileges. The vulnerabili...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
Removed by vendor...
FreeBSD : PostgreSQL -- SQL injection in pg_upgrade and pg_dump (1c27a706-e3aa-11e8-b77a-6cc21735f730)
The PostgreSQL project reports : CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during ...
PostgreSQL -- SQL injection in pg_upgrade and pg_dump
The PostgreSQL project reports: CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during a...
Vulnerability in core server (CVE-2018-16850)
SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING...
glusterfs: "features/index" translator can create arbitrary, empty files
A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GFXATTROPENTRYINKEY and GFXATTROPENTRYOUTKEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node...
DEBIAN-CVE-2018-14651
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...
UBUNTU-CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...