CVE-2024-10979

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-15
View all →

Vulnerability Description

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Related Vulnerabilities

CVE-2021-27406

HIGH
CVSS:8.8(High)

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into i...

CWE-152021

CVE-2023-32349

HIGH
CVSS:8.8(High)

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored...

CWE-152023

CVE-2023-3321

HIGH
CVSS:8.8(High)

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially craf...

CWE-152023

CVE-2023-46248

HIGH
CVSS:8.8(High)

Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in c...

CWE-152023

CVE-2023-4704

HIGH
CVSS:8.8(High)

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CWE-152023

CVE-2021-38453

CRITICAL
CVSS:9.1(Critical)

Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CWE-152021