28 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS. Crucible + recent Mesa sometimes causes the following issue: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). It seems that this issue can also be triggered with gem_lmem_swapping, if we modify the tests ...

CVSS 5.5, AI score 6.2, EPSS 0.00074
Exploits 0, References 2
CVE
added 2026/05/14 1:0 p.m., 13 views

CVE-2026-6477

The CVE describes a vulnerability in PostgreSQL libpq where PQfn(..., result_is_int=0, ...) can cause an arbitrary, server-supplied data payload to be written into a client stack memory buffer by the server superuser. Affected components include libpq functions lo_export(), lo_read(), lo_lseek64(...

CVSS 8.8, AI score 6, EPSS 0.00047
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 7 : rh-postgresql94-postgresql-9.4.14-1.el7 (AXSA:2017-2241:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2241:02 advisory. It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty...

CVSS 9.8, AI score 7.3, EPSS 0.33122
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-0784

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00239
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-55245

Malicious code in bioql PyPI...

AI score 7.1, EPSS 0.00074
Exploits 0, References 2
Snyk
added 2025/08/13 9:52 a.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

CVSS 6.3, AI score 6.8, EPSS 0.00092
Exploits 0, References 2
SUSE CVE
added 2025/06/19 3:45 a.m., 2 views

SUSE CVE-2022-49963

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling. Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...

CVSS 5.5, AI score 6.7, EPSS 0.00074
Exploits 0, References 6
OSV
added 2025/06/18 11:15 a.m., 3 views

DEBIAN-CVE-2022-49963

In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling. Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...

CVSS 5.5, AI score 5.5, EPSS 0.00074
Exploits 0, References 1
ATTACKERKB
added 2023/12/12 7:15 a.m., 1 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVSS 6.5, AI score 5.8, EPSS 0.0014
Exploits 0, References 2
Prion
added 2023/12/12 7:15 a.m., 11 views

Code injection

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVSS 4, AI score 7, EPSS 0.0014
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/12/12 12:0 a.m., 13 views

CVE-2023-41115

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions...

CVSS 6.5, AI score 6.6, EPSS 0.0014
Exploits 0, References 1
Positive Technologies
added 2023/12/12 12:0 a.m., 3 views

PT-2023-27798 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32; EnterpriseDB Postgres Advanced Server (EPAS) versions 12.x prior to 12.16.20; EnterpriseDB Postgres Advanced Server (EPAS) versions 13.x prior to 13.12.16; EnterpriseDB Postgres...

CVSS 6.5, AI score 6.2, EPSS 0.0014
Exploits 0, References 3
CNNVD
added 2023/12/12 12:0 a.m., 2 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server (EPAS) is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the fact that an authenticated user can read any large object when...

CVSS 6.5, AI score 6.6, EPSS 0.0014
Exploits 0, References 2
Veracode
added 2020/03/31 2:33 a.m., 7 views

Regular Expression Denial Of Service (ReDoS)

mocha is vulnerable to Regular Expression Denial Of Service. The stack prettifier function which is enabled by default, consumes excessive resources and requires a long time to complete when parsing a large Error.message containing certain assertions against large objects...

AI score 5.5
Exploits 0
Debian CVE
added 2018/08/29 1:0 p.m., 22 views

CVE-2018-8005

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgra...

CVSS 5.3, AI score 5.5, EPSS 0.06689
Exploits 0
RedHat Linux
added 2017/09/12 10:2 a.m., 2 views

postgresql: lo_put() function ignores ACLs

An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.01068
Exploits 0, References 5
RedHat Linux
added 2017/09/12 8:0 a.m., 2 views

postgresql: lo_put() function ignores ACLs

An authorization flaw was found in the way PostgreSQL handled large objects. A remote, authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of the object, thus resulting in denial of service...

CVSS 7.5, AI score 7.3, EPSS 0.01068
Exploits 0, References 5
Broadcom
added 2017/08/25 12:0 a.m., 4 views

BSA-2017-396

Security Advisory ID: BSA-2017-396. Component: PostgreSQL. Revision: 1.0: Interim. An authorization flaw was found in the way PostgreSQL handled large objects. A remote authenticated attacker with no privileges on a large object could potentially use this flaw to overwrite the entire content of t...

CVSS 7.5, AI score 6.6, EPSS 0.01068
Exploits 0
UbuntuCve
added 2017/08/10 12:0 a.m., 24 views

CVE-2017-7548

PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.01068
Exploits 0, References 3
OSV
added 2017/06/06 6:29 p.m., 5 views

CVE-2016-0768

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects...

CVSS 7.5, AI score 7.6, EPSS 0.00239
Exploits 0, References 1