CVE-2022-1552

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-459
View all →

Vulnerability Description

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

Related Vulnerabilities

CVE-2018-18924

HIGH
CVSS:8.8(High)

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable ...

CWE-4592018

CVE-2019-18191

HIGH
CVSS:8.8(High)

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution priv...

CWE-4592019

CVE-2019-25016

HIGH
CVSS:8.8(High)

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to...

CWE-4592019

CVE-2020-24489

HIGH
CVSS:8.8(High)

Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-4592020

CVE-2023-36468

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document,...

CWE-4592023

CVE-2024-28265

CRITICAL
CVSS:9.1(Critical)

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.

CWE-4592024