Lucene search

34 matches found

OSV
added 2022/08/31 7:13 a.m., 3 views

SUSE-SU-2022:2946-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...

CVSS: 8, AI score: 7.9, EPSS: 0.0152
Exploits: 0, References: 3

OSV
added 2022/08/29 5:07 a.m., 5 views

MGASA-2022-0313 Updated postgresql packages fix security vulnerability

Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552). Extension scripts replace objects not belonging to the extension (CVE-2022-2625)...

CVSS: 8.8, AI score: 8.3, EPSS: 0.11726
Exploits: 0, References: 5

OSV
added 2022/08/26 9:44 a.m., 2 views

SUSE-SU-2022:2912-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension bsc1202368...

CVSS: 8, AI score: 8, EPSS: 0.0152
Exploits: 0, References: 4

Tenable Nessus
added 2022/08/18 12:00 a.m., 68 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PostgreSQL vulnerability (USN-5571-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5571-1 advisory. Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code...

CVSS: 8, AI score: 7.7, EPSS: 0.0152
Exploits: 0, References: 2

Tenable Nessus
added 2022/08/11 12:00 a.m., 27 views

Debian dla-3072 : libecpg-compat3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3072 advisory. Debian LTS Advisory DLA-3072-1 https://www.debian.org/lts/security/...

CVSS: 8, AI score: 7.3, EPSS: 0.0152
Exploits: 0, References: 4

CNNVD
added 2022/08/11 12:00 a.m., 2 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which can be exploited...

CVSS: 8, AI score: 7.5, EPSS: 0.0152
Exploits: 0, References: 22

PostgreSQL
added 2022/08/11 12:00 a.m., 54 views

Vulnerability in core server (CVE-2022-2625)

Extension scripts replace objects not belonging to the extension. Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands. Some don't adhere to the documented rule to target only objects known to be extension members already. An attack requires permission to create non-temporary...

CVSS: 8, AI score: 7.4, EPSS: 0.0152
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/08/16 12:00 a.m., 4 views

proxy-down operating system command injection vulnerability

proxyee-down is an open-source, free, high-speed HTTP downloader built on netty. It supports custom HTTP download requests and extensions; installing extensions can meet special download requirements. Proxyee-down suffers from an operating system...

CVSS: 9.3, AI score: 7.9, EPSS: 0.01135
Exploits: 1, References: 1

OSV
added 2021/08/05 9:15 p.m., 3 views

CVE-2021-34638

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated Contributor+ users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration informatio...

CVSS: 6.5, AI score: 6.6, EPSS: 0.01331
Exploits: 1, References: 1

ArchLinux
added 2018/06/19 12:00 a.m., 30 views

[ASA-201806-11] pass: arbitrary code execution

Arch Linux Security Advisory ASA-201806-11. Severity: High; Date: 2018-06-19; CVE-ID: CVE-2018-12356; Package: pass; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-720. Summary: The package pass before version...

CVSS: 9.8, AI score: 2.5, EPSS: 0.04648
Exploits: 0, References: 5

NVD
added 2018/06/15 2:29 a.m., 16 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 9.7, EPSS: 0.04648
Exploits: 0, References: 8

OSV
added 2018/06/15 2:29 a.m., 2 views

UBUNTU-CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 7.6, EPSS: 0.04648
Exploits: 0, References: 7

OSV
added 2018/06/15 2:29 a.m., 1 view

DEBIAN-CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 8, EPSS: 0.04648
Exploits: 0, References: 1

Debian CVE
added 2018/06/15 2:00 a.m., 24 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

CVSS: 9.8, AI score: 9.8, EPSS: 0.04648
Exploits: 0