Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Base Score: 7.1 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
______________________________________________
Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Base Score: 7.3 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
CVE-2022-2536 Description The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the ‘tp_translation’ AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on […]
CVE-2022-46328 Description Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Base Score: 7.5 HIGH https://consumer.huawei.com/en/support/bulletin/2022/12/ ______________________________ CVE-2022-46327 Description Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. Base Score: 9.8 CRITICAL https://consumer.huawei.com/en/support/bulletin/2022/12/ _____________________________ CVE-2022-46326 Description Some smartphones have […]
CVE-2023-21597 Description Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/incopy/apsb23-08.html ____________________________________ CVE-2023-21596 Description […]
Leave a Reply