EUVD-2026-32211

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

CVE-2026-35533

The CVE-2026-35533 issue affects mise (dev tools manager). From 2026.2.18–2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can cause that file to be treated as trusted and reac...

CVE-2026-35533 mise has a local settings bypass config trust checks

mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...

EUVD-2007-6567

Malware in sbrugna...

EUVD-2007-3268

Malware in sbrugna...

SUSE CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

ZSQL: Local Trust Authentication

In local trust authentication mode, a database user can connect to the local database in password-free mode using zsql after the local connection is authenticated. Then, this user can maintain database accounts. You are advised to disable the local trust authentication during service running...

Google Removing SHA-1 Support in Chrome 56

The home stretch for SHA-1 deprecation is in full effect with Google on Wednesday announcing its final deprecation deadlines for the Chrome browser, and a cryptographic services provider warning that there’s still a long way to go to get sites off SHA-1 certificates. Google said it will remove it...

PostgreSQL privilege escalation via dblink

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete...

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200801-15 PostgreSQL: Multiple vulnerabilities If using the 'expression indexes' feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSI...

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

PostgreSQL privilege escalation via dblink

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete...

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

PostgreSQL privilege escalation via dblink

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete...

Vulnerability in contrib module (CVE-2007-6601)

DBLink functions combined with local trust or ident access control could be used by a malicious user togain superuser privileges. A valid login is required to exploit this vulnerability...

PT-2008-1573 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.3 through 7.3.20 PostgreSQL versions 7.4 through 7.4.18 PostgreSQL versions 8.0 through 8.0.14 PostgreSQL versions 8.1 through 8.1.10 PostgreSQL versions 8.2 through 8.2.5 Description: The issue allows remote attackers t...

PT-2007-4557 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.1 and later Description: The issue allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries. This is possible when local trust authentication is enabled and the Database Link library dblink ...