GO-2025-4119 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance in github.com/aws/aws-advanced-go-wrapper/awssql...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating crafted functions with names that...

GHSA-7WQ2-32H4-9HC9 AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

EUVD-2025-180216

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance...

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS...

EUVD-2025-48942

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow privilege escalation to the rds_superuser role via a crafted function executed by a low-privileged authenticated user. Affected wrappers include AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, and AWS PGSQL ...

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service RDS users. We recommend customers...

PT-2025-46181

Name of the Vulnerable Software and Affected Versions AWS JDBC Wrapper versions prior to 2.6.5 AWS Go Wrapper versions prior to 2025-10-17 AWS NodeJS Wrapper versions prior to 2.0.1 AWS Python Wrapper versions prior to 1.4.0 AWS PGSQL ODBC driver versions prior to 1.0.1 Description An issue in AW...

EUVD-2021-1136

Malware in sbrugna...

CentOS 7 : buildah (RHSA-2020:1231)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1231 advisory. - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This...

PT-2022-18404 · Red Hat · Podman

Name of the Vulnerable Software and Affected Versions: podman versions prior to the version fixed via RHSA-2020:2117 Description: The issue could potentially be used to crash or cause code execution in Go applications using the Go GPGME wrapper library under certain conditions during GPG signatur...

GPGME Go wrapper contains Use After Free

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

Huawei EulerOS: Security Advisory for iSulad-kit (EulerOS-SA-2020-1290)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...

DEBIAN-CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

Design/Logic Flaw

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...

CVE-2020-8945

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification...