# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
151 |
CVE-2012-2306 |
89 |
|
Exec Code Sql |
2012-07-25 |
2012-09-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
152 |
CVE-2012-2305 |
352 |
|
CSRF |
2012-07-25 |
2012-08-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. |
153 |
CVE-2012-2303 |
264 |
|
+Info |
2012-07-18 |
2012-08-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. |
154 |
CVE-2012-2282 |
264 |
|
|
2012-07-16 |
2013-03-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. |
155 |
CVE-2012-2281 |
287 |
|
|
2012-07-05 |
2013-03-22 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. |
156 |
CVE-2012-2279 |
20 |
|
|
2012-07-13 |
2020-03-27 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
157 |
CVE-2012-2197 |
119 |
|
Exec Code Overflow |
2012-07-25 |
2017-12-22 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. |
158 |
CVE-2012-2163 |
264 |
|
Exec Code |
2012-07-30 |
2017-08-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue. |
159 |
CVE-2012-2152 |
119 |
|
DoS Exec Code Overflow |
2012-07-25 |
2012-11-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. |
160 |
CVE-2012-2140 |
20 |
|
Exec Code |
2012-07-18 |
2012-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. |
161 |
CVE-2012-2113 |
189 |
|
DoS Exec Code Overflow |
2012-07-22 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. |
162 |
CVE-2012-2100 |
189 |
|
DoS |
2012-07-03 |
2013-02-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307. |
163 |
CVE-2012-2088 |
189 |
|
DoS Exec Code Overflow |
2012-07-22 |
2017-12-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. |
164 |
CVE-2012-2020 |
|
|
Exec Code |
2012-07-11 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. |
165 |
CVE-2012-2019 |
|
|
Exec Code |
2012-07-11 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. |
166 |
CVE-2012-1967 |
|
|
Exec Code |
2012-07-18 |
2017-12-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. |
167 |
CVE-2012-1962 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-07-18 |
2017-12-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. |
168 |
CVE-2012-1958 |
399 |
|
Exec Code |
2012-07-18 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. |
169 |
CVE-2012-1955 |
|
|
|
2012-07-18 |
2017-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. |
170 |
CVE-2012-1954 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-07-18 |
2017-12-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. |
171 |
CVE-2012-1953 |
119 |
|
DoS Exec Code Overflow |
2012-07-18 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. |
172 |
CVE-2012-1952 |
399 |
|
Exec Code |
2012-07-18 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. |
173 |
CVE-2012-1951 |
399 |
|
DoS Exec Code Mem. Corr. |
2012-07-18 |
2017-12-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. |
174 |
CVE-2012-1950 |
|
|
|
2012-07-18 |
2017-12-29 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. |
175 |
CVE-2012-1949 |
|
|
DoS Exec Code Mem. Corr. |
2012-07-18 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
176 |
CVE-2012-1948 |
|
|
DoS Exec Code Mem. Corr. |
2012-07-18 |
2017-12-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
177 |
CVE-2012-1894 |
264 |
|
+Priv |
2012-07-10 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability." |
178 |
CVE-2012-1893 |
20 |
|
+Priv |
2012-07-10 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." |
179 |
CVE-2012-1891 |
119 |
|
Exec Code Overflow |
2012-07-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." |
180 |
CVE-2012-1890 |
20 |
|
+Priv |
2012-07-10 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." |
181 |
CVE-2012-1862 |
20 |
|
|
2012-07-10 |
2018-10-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." |
182 |
CVE-2012-1854 |
|
|
+Priv |
2012-07-10 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. |
183 |
CVE-2012-1832 |
119 |
|
DoS Exec Code Overflow |
2012-07-05 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001. |
184 |
CVE-2012-1831 |
119 |
|
Exec Code Overflow |
2012-07-05 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. |
185 |
CVE-2012-1830 |
119 |
|
Exec Code Overflow |
2012-07-05 |
2012-07-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. |
186 |
CVE-2012-1740 |
|
|
|
2012-07-17 |
2013-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors. |
187 |
CVE-2012-1737 |
|
|
|
2012-07-17 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. |
188 |
CVE-2012-1735 |
|
|
|
2012-07-17 |
2022-07-01 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
189 |
CVE-2012-1731 |
|
|
|
2012-07-17 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. |
190 |
CVE-2012-1661 |
94 |
2
|
Exec Code |
2012-07-12 |
2012-07-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. |
191 |
CVE-2012-1524 |
94 |
|
Exec Code |
2012-07-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability." |
192 |
CVE-2012-1522 |
94 |
|
Exec Code |
2012-07-10 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability." |
193 |
CVE-2012-1520 |
|
|
DoS Exec Code Mem. Corr. |
2012-07-25 |
2012-09-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. |
194 |
CVE-2012-1493 |
255 |
|
|
2012-07-09 |
2012-07-10 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. |
195 |
CVE-2012-1163 |
189 |
|
Exec Code Overflow +Info |
2012-07-12 |
2012-07-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. |
196 |
CVE-2012-1162 |
119 |
|
DoS Exec Code Overflow |
2012-07-12 |
2012-07-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." |
197 |
CVE-2012-1037 |
94 |
|
Exec Code File Inclusion |
2012-07-12 |
2012-07-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. |
198 |
CVE-2012-0911 |
94 |
2
|
Exec Code |
2012-07-12 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. |
199 |
CVE-2012-0868 |
89 |
|
Exec Code Sql |
2012-07-18 |
2016-12-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. |
200 |
CVE-2012-0866 |
264 |
|
|
2012-07-18 |
2016-12-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. |