vulnerability
SUSE: CVE-2018-16850: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2018-11-08 | 2018-11-16 | 2021-10-22 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
2018-11-08
Added
2018-11-16
Modified
2021-10-22
Description
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
Solution(s)
suse-upgrade-libecpg6suse-upgrade-libecpg6-32bitsuse-upgrade-libpq5suse-upgrade-libpq5-32bitsuse-upgrade-postgresql10suse-upgrade-postgresql10-contribsuse-upgrade-postgresql10-develsuse-upgrade-postgresql10-docssuse-upgrade-postgresql10-plperlsuse-upgrade-postgresql10-plpythonsuse-upgrade-postgresql10-pltclsuse-upgrade-postgresql10-serversuse-upgrade-postgresql10-test
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.