Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-35634: Windows Bluetooth Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component.

Microsoft Security Response Center
#vulnerability#windows#rce#auth#Microsoft Bluetooth Driver#Security Vulnerability
CVE-2023-36009: Microsoft Word Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

CVE-2023-36006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2023-35639: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2023-36391: Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-41113: CVE-2023-41113 - EDB Postgres Advanced Server (EPAS) permissions bypass via accesshistory()

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections.

CVE-2023-41118: CVE-2023-41118 - EDB Postgres Advanced Server (EPAS) UTL_FILE permission bypass

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.

CVE-2023-41114: CVE-2023-41114 - EDB Postgres Advanced Server (EPAS) authenticated users may fetch any URL

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions.

CVE-2023-41120: CVE-2023-41120 - EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.

CVE-2023-41115: CVE-2023-41115 - EDB Postgres Advanced Server (EPAS) permission bypass for large objects

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions.