31 matches found
CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2026-29789
Summary: Vito (self-hosted web app) suffers a cross-project privilege escalation due to a missing authorization check in workflow site-creation actions. Affected versions: prior to 3.20.3. Impact: an authenticated user with workflow write access in one project can create/manage sites on servers b...
CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
MiracleLinux 7 : rh-postgresql94-postgresql-9.4.12-1.el7 (AXSA:2017-1729:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1729:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll ne...
MiracleLinux 7 : postgresql-9.2.21-1.el7 (AXSA:2017-1914:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1914:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll ne...
MiracleLinux 4 : rh-postgresql94-postgresql-9.4.14-1.AXS4 (AXSA:2017-2281:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2281:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...
MiracleLinux 7 : rh-postgresql94-postgresql-9.4.14-1.el7 (AXSA:2017-2241:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2241:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...
EUVD-2017-16506
Malware in sbrugna...
SUSE CVE-2017-7486
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pgusermappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server...
SUSE CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so...
Information Disclosure
PostgreSQL is vulnerable to information disclosure vulnerability. The pgusermappings access qualifications are not properly implemented. A remote authenticated user may be able to view foreign server passwords which leads to data modification...
postgresql: pg_user_mappings view discloses passwords to users lacking server privileges
An authorization flaw was found in the way PostgreSQL handled access to the pgusermappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the...
postgresql: pg_user_mappings view discloses passwords to users lacking server privileges
An authorization flaw was found in the way PostgreSQL handled access to the pgusermappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the...
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so...
CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so...
UBUNTU-CVE-2017-7547
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so...
postgresql: pg_user_mappings view discloses foreign server passwords
It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...
postgresql: pg_user_mappings view discloses foreign server passwords
It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...