postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HOpensuse Leap
OSOpensuse15.1PostgreSQL
APPPostgresql< 9.6.910.0 – 10.4 (bez)
Related vulnerabilities
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacha...
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...