Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Base Score: 7.1 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
______________________________________________
Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Base Score: 7.3 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
CVE-2022-47986 Description IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was […]
CVE-2023-0138 Description Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Base Score: 8.8 HIGH https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html _____________________________ CVE-2023-0136 Description Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote […]
CVE-2019-25044 Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Base Score: 7.8 HIGH https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
Leave a Reply