Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.
Base Score: 7.1 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html
______________________________________________
Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Base Score: 7.3 HIGH
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
CVE-2023-23397 Description:Microsoft Outlook Elevation of Privilege Vulnerability CNA: Microsoft CorporationBase Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
CVE-2023-21589 Description Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Base Score: 7.8 HIGH https://helpx.adobe.com/security/products/indesign/apsb23-07.html _____________________________________________________________________ CVE-2023-21588 […]
CVE-2022-43883 Description IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. Base Score: 7.5 HIGH https://www.ibm.com/support/pages/node/6841801 ____________________ CVE-2022-38708 Description IBM Cognos Analytics […]
Leave a Reply