34 matches found
SUSE-SU-2022:2946-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...
MGASA-2022-0313 Updated postgresql packages fix security vulnerability
Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552). Extension scripts replace objects not belonging to the extension (CVE-2022-2625)...
SUSE-SU-2022:2912-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PostgreSQL vulnerability (USN-5571-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5571-1 advisory. Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code...
Debian dla-3072 : libecpg-compat3 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3072 advisory. Debian LTS Advisory DLA-3072-1 https://www.debian.org/lts/security/...
PostgreSQL security vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which can be exploited...
Vulnerability in core server (CVE-2022-2625)
Extension scripts replace objects not belonging to the extension. Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands. Some don't adhere to the documented rule to target only objects known to be extension members already. An attack requires permission to create non-temporary...
proxy-down operating system command injection vulnerability
proxyee-down is an open source, free, high-speed HTTP downloader built on netty. It supports custom HTTP request downloads and extensions, which can be installed to meet special download requirements. Proxyee-down suffers from an operating system...
CVE-2021-34638
Authenticated Directory Traversal in WordPress Download Manager = 3.1.24 allows authenticated Contributor+ users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration informatio...
[ASA-201806-11] pass: arbitrary code execution
Arch Linux Security Advisory ASA-201806-11. Severity: High; Date: 2018-06-19; CVE-ID: CVE-2018-12356; Package: pass; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-720. Summary: The package pass before version...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
UBUNTU-CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
DEBIAN-CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...