13299 matches found

Packet Storm
added 2024/10/04 12:0 a.m. (244 views)

Acronis Cyber Infrastructure 5.0.1-61 Cross Site Request Forgery

Title: Acronis Cyber Infrastructure 5.0.1-61 CSRF Add ADmin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

AI score 7.4
Exploits: 0

Rosalinux
added 2024/10/03 10:25 p.m. (41 views)

Advisory ROSA-SA-2024-2501

Software: postgresql 12.20 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.20-1.rv3 CVE-ID: CVE-2021-32027 BDU-ID: 2021-02776 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to an operation exceeding buffer boundaries during array...

CVSS 8.8 | AI score 8.4 | EPSS 0.11726
Exploits: 0

Rosalinux
added 2024/10/03 8:54 p.m. (25 views)

Advisory ROSA-SA-2024-2484

Software: postgresql13 13.15 OS: rosa-server79 packageevrstring: postgresql13-13.15-1PGDG.res7 CVE-ID: CVE-2022-41862 BDU-ID: 2023-02003 CVE-Crit: LOW CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to information disclosure. Exploitation of the vulnerability...

CVSS 8.8 | AI score 8.2 | EPSS 0.04322
Exploits: 0

OSV
added 2024/10/03 7:50 p.m. (7 views)

GHSA-78P3-FWCQ-62C2 @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings

Summary The endpoint /site-structure/localizer/save-string/:lang/:defstring accepts two parameter values: lang and defstring. These values are used in an unsafe way to set the keys and value of the cfgStrings object. It allows to add/modify properties of the Object prototype that result in severa...

CVSS 8.6 | AI score 8.7
Exploits: 0 | References: 4

Metasploit
added 2024/10/03 6:54 p.m. (318 views)

Acronis Cyber Infrastructure default password remote code execution

Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native...

CVSS 9.8 | AI score 9.8 | EPSS 0.53535
Exploits: 3

0day.today
added 2024/10/03 12:0 a.m. (185 views)

Acronis Cyber Infrastructure Default Password Remote Code Execution Exploit

Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native...

CVSS 9.8 | AI score 7.7 | EPSS 0.53535
Exploits: 3

Packet Storm
added 2024/10/03 12:0 a.m. (411 views)

Acronis Cyber Infrastructure Default Password Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'Acronis Cyber Infrastructure default password remote code execution', 'Description' = %q Acronis Cyber Infrastructure ACI is an ...

CVSS 9.8 | AI score 7.1 | EPSS 0.53535
Exploits: 3

SUSE Linux
added 2024/10/02 3:11 p.m. (1 views)

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 15.8 (bsc#1229013) CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update ...

CVSS 8.8 | AI score 7.4 | EPSS 0.01565
Exploits: 0 | References: 4

Amazon
added 2024/10/02 12:0 a.m. (3 views)

Important: libpq

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0

Amazon
added 2024/10/02 12:0 a.m. (3 views)

Important: postgresql

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0

Amazon
added 2024/10/02 12:0 a.m. (2 views)

Important: postgresql

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0

Amazon
added 2024/10/02 12:0 a.m. (2 views)

Important: postgresql

Issue Overview: Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0

Tenable Nessus
added 2024/10/02 12:0 a.m. (17 views)

Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-013)

The version of libpq installed on the remote host is prior to 14.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-013 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/10/02 12:0 a.m. (11 views)

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-012)

The version of postgresql installed on the remote host is prior to 14.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-012 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/10/02 12:0 a.m. (19 views)

Amazon Linux 2 : libpq (ALASPOSTGRESQL12-2024-012)

The version of libpq installed on the remote host is prior to 12.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-012 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/10/02 12:0 a.m. (11 views)

Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2024-011)

The version of postgresql installed on the remote host is prior to 12.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL12-2024-011 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 4

Tenable Nessus
added 2024/10/02 12:0 a.m. (22 views)

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-007)

The version of postgresql installed on the remote host is prior to 13.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2024-007 advisory. Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary...

CVSS 8.8 | AI score 7.8 | EPSS 0.01565
Exploits: 0 | References: 4

OSV
added 2024/09/30 3:26 p.m. (13 views)

RHSA-2023:7772 Red Hat Security Advisory: rh-postgresql13-postgresql security update

Bulletin has no description...

CVSS 8.8 | AI score 7 | EPSS 0.04322
Exploits: 0 | References: 38

OSV
added 2024/09/30 3:26 p.m. (21 views)

RHSA-2023:7545 Red Hat Security Advisory: postgresql security update

Bulletin has no description...

CVSS 8.8 | AI score 6.5 | EPSS 0.04322
Exploits: 0 | References: 43

OSV
added 2024/09/30 3:25 p.m. (14 views)

RHSA-2023:3714 Red Hat Security Advisory: postgresql security update

Bulletin has no description...

CVSS 7.2 | AI score 6.1 | EPSS 0.0119
Exploits: 0 | References: 13