15 matches found

RedHat Linux
added yesterday | 6 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...

CVSS 8.8 | AI score 5.9 | EPSS 0.00668
Exploits 0 | References 5

RedHat Linux
added 6 days ago | 4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 6 | EPSS 0.00324
Exploits 0 | References 5

Tenable Nessus
added 2026/06/23 12:00 a.m. | 5 views

RockyLinux 9 : postgresql:15 (RLSA-2026:28037)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28037 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475) postgresql: PostgreSQL libpq:...

CVSS 8.8 | AI score 6 | EPSS 0.00668
Exploits 0 | References 9

RedHat Linux
added 2026/06/22 6:34 a.m. | 6 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 6 | EPSS 0.00324
Exploits 0 | References 5

RedHat Linux
added 2026/06/22 6:10 a.m. | 6 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 6 | EPSS 0.00324
Exploits 0 | References 5

RedHat Linux
added 2026/06/17 8:59 a.m. | 7 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.6 | EPSS 0.00324
Exploits 0 | References 5

RedHat Linux
added 2026/06/17 8:02 a.m. | 7 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.6 | EPSS 0.00324
Exploits 0 | References 5

RedHat Linux
added 2026/06/16 8:05 a.m. | 5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.6 | EPSS 0.00324
Exploits 0 | References 5

RedhatCVE
added 2026/06/03 7:27 p.m. | 8 views

CVE-2026-6475

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.9 | EPSS 0.00324
Exploits 0 | References 4

SUSE CVE
added 2026/05/18 1:22 p.m. | 17 views

SUSE CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits 0 | References 29

RedhatCVE
added 2026/01/09 8:36 a.m. | 8 views

CVE-2020-7865

A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system...

CVSS 9.8 | AI score 7.2 | EPSS 0.00921
Exploits 0 | References 1

OSV
added 2024/08/20 6:34 p.m. | 9 views

GHSA-MQ69-4J5W-3QWP Capsule tenant owner with "patch namespace" permission can hijack system namespaces

Attack Vector Then, let me briefly explain the reasons for the errors mentioned above: 1. The 'kubectl edit' command was used to patch the namespace, but this operation requires both 'get' and 'patch' permissions, hence the error. One should use methods like 'curl' to directly send a PATCH reques...

CVSS 8.6 | AI score 8.9 | EPSS 0.0051
Exploits 1 | References 4

OSV
added 2021/09/07 3:15 p.m. | 3 views

CVE-2020-7865

A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system...

CVSS 9.8 | AI score 5.9 | EPSS 0.00921
Exploits 0 | References 1

CNNVD
added 2021/09/07 12:00 a.m. | 3 views

ExECM CoreB2B solution input validation error vulnerability

ExECM CoreB2B provides a repeatable, proven People-Process-Technology model that scales IT teams and ensures operations stay in sync with B2B integration trends and requirements while improving business process optimization. A security vulnerability exists in the ExECM CoreB2B solution that...

CVSS 9.8 | AI score 8.6 | EPSS 0.00921
Exploits 0 | References 1

IBM Security Bulletins
added 2018/06/17 10:32 p.m. | 35 views

Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-8320)

Summary An Apache Cordova Vulnerability for weak randomization was addressed by IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-8320 DESCRIPTION: Apache Cordova Android could allow a remote attacker to bypass security restrictions, caused by weak randomization of...

CVSS 5 | AI score 1.1 | EPSS 0.04435
Exploits 0 | Affected Software 1