3 matches found
GHSA-727H-HRW8-JG8Q Path traversal in org.postgresql:postgresql
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability
Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
freerdp: Out of bound read in update_recv could result in a crash
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOGTRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0...