Dbd::pg Security Vulnerabilities

almalinux

Moderate: ruby:2.5 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626) Security Fix(es): ruby: NUL injection...

CVSS 8.1 | AI Score 8.1 | EPSS 0.012

2021-06-29 01:58 PM
rocky

ruby:2.5 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.1 | AI Score 8.1 | EPSS 0.012

2021-06-29 01:58 PM
redhat

(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626) Security Fix(es): ruby: NUL injection...

AI Score 8.1 | EPSS 0.012

2021-06-29 01:58 PM
rocky

ruby:2.7 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is...

CVSS 7.5 | AI Score 8.2 | EPSS 0.003

2021-06-29 01:57 PM
redhat

(RHSA-2021:2584) Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999) Security Fix(es): ruby: Potential HTTP request...

AI Score 8.2 | EPSS 0.003

2021-06-29 01:57 PM
almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999) Security Fix(es): ruby: Potential HTTP request...

CVSS 7.5 | AI Score 8.1 | EPSS 0.003

2021-06-29 01:57 PM
nessus

RHEL 8 : ruby:2.6 (RHSA-2021:2588)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881) ruby: NUL...

CVSS 8.1 | AI Score 8.3 | EPSS 0.012

2021-06-29 12:00 AM
nessus

CentOS 8 : ruby:2.5 (CESA-2021:2587)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2587 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI Score 8.1 | EPSS 0.012

2021-06-29 12:00 AM
nessus

CentOS 8 : ruby:2.7 (CESA-2021:2584)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) Note that Nessus...

CVSS 7.5 | AI Score 8.2 | EPSS 0.003

2021-06-29 12:00 AM
nessus

RHEL 8 : ruby:2.5 (RHSA-2021:2587)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2587 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.1 | AI Score 8.8 | EPSS 0.012

2021-06-29 12:00 AM
nessus

RHEL 8 : ruby:2.7 (RHSA-2021:2584)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) Note...

CVSS 7.5 | AI Score 8.3 | EPSS 0.003

2021-06-29 12:00 AM
nessus

CentOS 8 : ruby:2.6 (CESA-2021:2588)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2588 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI Score 8.2 | EPSS 0.012

2021-06-29 12:00 AM
nessus

SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2021:2163-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2163-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue...

CVSS 5.9 | AI Score 6 | EPSS 0.001

2021-06-28 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2021:2163-1)

The remote host is missing an update for...

CVSS 5.9 | AI Score 7.7 | EPSS 0.001

2021-06-27 12:00 AM
openbugbounty

shmoop.com Cross Site Scripting vulnerability OBB-2060589

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its...

AI Score -0.2

2021-06-21 06:48 AM
cve

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

CVSS 6.7 | AI Score 6.6 | EPSS 0.0004

2021-06-16 04:15 PM
suse

Security update for the Linux Kernel (important)

An update that solves two vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: Fixed an issue with the netfilter subsystem that...

CVSS 5.5 | AI Score -0.3 | EPSS 0.001

2021-06-16 12:00 AM
cve

CVE-2020-8703

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 6.7 | AI Score 6.6 | EPSS 0.0004

2021-06-09 07:15 PM
cve

CVE-2020-8704

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 6.4 | AI Score 6.3 | EPSS 0.0004

2021-06-09 07:15 PM
cve

CVE-2020-8670

Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 6.4 | AI Score 6.8 | EPSS 0.0004

2021-06-09 07:15 PM
cve

CVE-2020-24507

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local...

CVSS 4.4 | AI Score 4.6 | EPSS 0.0005

2021-06-09 07:15 PM
cve

CVE-2020-12357

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 6.7 | AI Score 7 | EPSS 0.0004

2021-06-09 07:15 PM
cve

CVE-2020-24506

Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local...

CVSS 4.4 | AI Score 4.5 | EPSS 0.0005

2021-06-09 07:15 PM
openvas

SUSE: Security Advisory (SUSE-SU-2018:2193-1)

The remote host is missing an update for...

CVSS 8.1 | AI Score 8 | EPSS 0.004

2021-06-09 12:00 AM
rapid7blog

Supreme Court narrows CFAA

The US Supreme Court issued its long-awaited-by-cybersecurity-nerds opinion on *Van Buren v. United States*. The case examined whether it was a violation of the Computer Fraud and Abuse Act (CFAA) for a police officer to access a law enforcement database to obtain information, which the officer...

AI Score -0.2

2021-06-03 07:41 PM
nessus

FreeBSD : PG Partition Manager -- arbitrary code execution (58b22f3a-bc71-11eb-b9c9-6cc21735f730)

PG Partition Manager reports : In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 9.9 | EPSS 0.005

2021-05-25 12:00 AM
threatpost

Email Campaign Spreads StrRAT Fake-Ransomware RAT

An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence (MSI) team has outlined details of a "massive...

AI Score -0.2

2021-05-21 01:27 PM
rapid7blog

Calling for cybersecurity in infrastructure modernization

Yesterday, Rapid7 sent a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation. The letter was signed by 19 companies, industry associations, and nonprofit groups who collaborated on the recommendations. The letter...

AI Score -0.2

2021-05-21 09:00 AM
freebsd

PG Partition Manager -- arbitrary code execution

PG Partition Manager reports: In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 4.1 | EPSS 0.005

2021-05-21 12:00 AM
cve

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 9.7 | EPSS 0.005

2021-05-19 05:15 PM
osv

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 7.7 | EPSS 0.005

2021-05-19 05:15 PM
debiancve

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 9.5 | EPSS 0.005

2021-05-19 05:15 PM
nvd

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | EPSS 0.005

2021-05-19 05:15 PM
prion

Code injection

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

CVSS 9.8 | AI Score 9.8 | EPSS 0.005

2021-05-19 05:15 PM
cvelist

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not...

AI Score 10 | EPSS 0.005

2021-05-19 04:23 PM
ubuntucve

CVE-2021-33204

In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. Bugs ...

CVSS 9.8 | AI Score 9.5 | EPSS 0.005

2021-05-19 12:00 AM
nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2021-716)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-29650: The netfilter subsystem allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and ...

CVSS 5.5 | AI Score 8 | EPSS 0.001

2021-05-18 12:00 AM
suse

Security update for the Linux Kernel (important)

An update that solves two vulnerabilities and has 55 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: The netfilter subsystem allowed attackers to cause a ...

CVSS 5.5 | AI Score -0.1 | EPSS 0.001

2021-05-12 12:00 AM
githubexploit

Exploit for SQL Injection in Layer5 Meshery

[Vulnerability Report] CVE-2021-31856: a SQL injection in...

CVSS 9.8 | AI Score 10.2 | EPSS 0.044

2021-05-05 07:18 AM
redhat

(RHSA-2021:1313) Moderate: Satellite 6.9 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): foreman: Managing repositories with their id via hammer does not respect the...

AI Score 0.1 | EPSS 0.666

2021-04-21 12:43 PM
nessus

RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...

CVSS 9.8 | AI Score 8.7 | EPSS 0.666

2021-04-21 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2018:2478-1)

The remote host is missing an update for...

CVSS 8.1 | AI Score 7.3 | EPSS 0.004

2021-04-19 12:00 AM
thn

Detecting the "Next" SolarWinds-Style Cyber Attack

The SolarWinds attack, which succeeded by utilizing the Sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments,...

AI Score 0.1

2021-04-13 11:01 AM
ibm

Security Bulletin: IBM InfoSphere Information Server has a network layer security vulnerability

Summary: A network layer security vulnerability in InfoSphere Information Server can lead to privilege escalation or unauthorized access. An unauthorized user could intercept and view communication between client and server. They could also modify or replay certain DataStage commands to get...

CVSS 8.1 | AI Score 0.4 | EPSS 0.002

2021-04-12 03:56 PM
attackerkb

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Recent assessments: wvu-r7 at April 29, 2021 9:39pm UTC reported: CVE-2021-20020? Seems to be Postgres running in trust mode on TCP port 5029, which essentially...

CVSS 9.8 | AI Score -0.2 | EPSS 0.005

2021-04-10 12:00 AM
nvd

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...

CVSS 7.5 | EPSS 0.001

2021-03-19 04:15 AM
cve

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001

2021-03-19 04:15 AM

Total number of security vulnerabilities: 3518