Dbd::pg Security Vulnerabilities

almalinux

Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431) Security Fix(es): ruby: Regular expression...

CVSS 9.8 | AI Score 8.2 | EPSS 0.004 | 2022-09-13 12:00 AM | 19

packetstorm

AI Score 0.1 | 2022-09-13 12:00 AM | 255

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424) Security Fix(es): ruby: Regular expression...

CVSS 7.5 | AI Score 8 | EPSS 0.004 | 2022-09-13 12:00 AM | 15

nessus

RHEL 8 : ruby:3.0 (RHSA-2022:6450)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6450 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in...

CVSS 9.8 | AI Score 8.4 | EPSS 0.004 | 2022-09-13 12:00 AM | 124

nessus

Amazon Linux 2022 : (ALAS2022-2022-114)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-114 advisory. A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a...

CVSS 7.8 | AI Score 7.9 | EPSS | 2022-09-06 12:00 AM | 4

openvas

Ubuntu: Security Advisory (USN-870-1)

The remote host is missing an update for...

AI Score 6.7 | EPSS 0.011 | 2022-08-26 12:00 AM | 3

openvas

Ubuntu: Security Advisory (USN-367-1)

The remote host is missing an update for...

AI Score 6.8 | EPSS 0.01 | 2022-08-26 12:00 AM | 6

nessus

Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-237-02)

The version of kernel-generic installed on the remote host is prior to 5.15.63 / 5.15.63_smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-237-02 advisory. When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out...

CVSS 8.2 | AI Score 9.4 | EPSS | 2022-08-26 12:00 AM | 19

talosblog

Ukraine war spotlights agriculture sector's vulnerability to cyber attack

By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have...

AI Score 0.3 | 2022-08-18 12:00 PM | 17

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2244)

The remote host is missing an update for the Huawei...

CVSS 8.2 | AI Score 7 | EPSS | 2022-08-18 12:00 AM | 5

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2257)

The remote host is missing an update for the Huawei...

CVSS 7.8 | AI Score 7.4 | EPSS | 2022-08-18 12:00 AM | 6

nessus

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2257)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially...

CVSS 7.8 | AI Score 8.3 | EPSS 0.003 | 2022-08-17 12:00 AM | 113

nessus

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2244)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially...

CVSS 8.2 | AI Score 8.5 | EPSS 0.003 | 2022-08-17 12:00 AM | 25

nessus

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-5564-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5564-1 advisory. A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF...

CVSS 7.8 | AI Score 8.5 | EPSS 0.01 | 2022-08-10 12:00 AM | 42

nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

CVSS 9.8 | AI Score 8.6 | EPSS 0.035 | 2022-08-08 12:00 AM | 35

nessus

Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are...

CVSS 7.5 | AI Score 8 | EPSS 0.004 | 2022-08-04 12:00 AM | 19

redhat

(RHSA-2022:5894) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9, ...

AI Score 0.7 | EPSS 0.035 | 2022-08-03 03:37 PM | 127

oraclelinux

ruby:2.5 security update

ruby [2.5.9-110] - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 - CGI::Cookie.parse no longer decodes cookie names to prevent...

CVSS 7.5 | AI Score 2.9 | EPSS 0.004 | 2022-08-03 12:00 AM | 47

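Added example, not code from any of the advisories listed here or from the date gem itself: the length-limit mitigation that the ruby:2.5 update above describes for CVE-2021-41817 (ReDoS in Date.parse), written as a small Ruby wrapper. The constant and method names are ours; the value 128 is assumed to be the default limit the upstream fix introduced, and the `limit:` keyword is only enforced by a patched date gem, so the wrapper checks the input length itself and behaves the same on patched and unpatched interpreters.

```ruby
require 'date'

# Added example (not from any advisory on this page): the length limit that
# the patched date gem enforces for CVE-2021-41817, applied as an explicit
# pre-check so behaviour is identical on patched and unpatched interpreters.
# DATE_STRING_LIMIT, safe_parse_date and parse_iso_date are our own names;
# 128 is assumed to be the default limit the upstream fix introduced.
DATE_STRING_LIMIT = 128

# Free-form parse with an input size cap. Returns a Date, or nil when the
# input is not a String, exceeds the cap, or does not parse.
def safe_parse_date(str, limit: DATE_STRING_LIMIT)
  return nil unless str.is_a?(String)
  # The ReDoS needs a long string; refuse it before the regex engine sees it.
  return nil if str.bytesize > limit

  # Also pass the limit through. A patched date gem enforces it natively and
  # raises ArgumentError on overlong input; an older gem takes the keyword as
  # a positional hash and ignores it, which is why the check above exists.
  Date.parse(str, limit: limit)
rescue ArgumentError # Date::Error (invalid date) is a subclass of ArgumentError
  nil
end

# When the expected shape is known, use strptime with an explicit format: it
# does none of the heuristic matching that makes Date.parse expensive on
# adversarial input.
def parse_iso_date(str, limit: DATE_STRING_LIMIT)
  return nil unless str.is_a?(String) && str.bytesize <= limit
  Date.strptime(str, '%Y-%m-%d')
rescue ArgumentError
  nil
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: a normal date and an oversized string of the kind the
  # advisory describes.
  p safe_parse_date('2022-09-13')    # Date for 2022-09-13
  p safe_parse_date('0' * 100_000)   # nil, rejected before parsing
  p parse_iso_date('13/09/2022')     # nil, wrong shape for the format
end
```

The explicit pre-check is the part to keep even after upgrading: it costs nothing, it documents the expected input size at the call site, and it does not depend on which date gem a given host ends up with.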
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2615-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2615-1 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage....

CVSS 8.2 | AI Score 8.8 | EPSS 0.006 | 2022-08-02 12:00 AM | 17

redhat

(RHSA-2022:5779) Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix...

AI Score 1.1 | EPSS 0.004 | 2022-08-01 09:05 AM | 37

rocky

ruby:2.5 security update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI Score 1.2 | EPSS 0.004 | 2022-08-01 09:05 AM | 11

nessus

RHEL 8 : ruby:2.5 (RHSA-2022:5779)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in...

CVSS 7.5 | AI Score 8.2 | EPSS 0.004 | 2022-08-01 12:00 AM | 15

suse

Security update for the Linux Kernel (important)

An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

CVSS 8.2 | AI Score 0.9 | EPSS | 2022-08-01 12:00 AM | 202

almalinux

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) * ruby: Cookie prefix...

CVSS 7.5 | AI Score 1.1 | EPSS 0.004 | 2022-08-01 12:00 AM | 20

nessus

CentOS 8 : ruby:2.5 (CESA-2022:5779)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVSS 7.5 | AI Score 8.1 | EPSS 0.004 | 2022-08-01 12:00 AM | 19

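Added example, not from the CentOS/RHEL advisory or from the cgi library itself: a check for the cookie prefix spoofing in CGI::Cookie.parse that the ruby:2.5 entries above reference. A parser that URL-decodes cookie names turns `%5F%5FSecure-id` into `__Secure-id`, so a cookie the attacker set over plain HTTP can impersonate one that browsers only ever set as `__Secure-` or `__Host-`. The function names, prefix list and sample Cookie header are ours; the probe at the end reports what the locally installed cgi library does, and its result depends on that version.

```ruby
require 'uri'

# Added example (not code from any advisory on this page): a detector for
# cookie names that only acquire a reserved "__Secure-"/"__Host-" prefix after
# URL-decoding, which is the spoof the CGI::Cookie.parse fix closed by no
# longer decoding names. COOKIE_PREFIXES and the function names are ours.
COOKIE_PREFIXES = ['__Secure-', '__Host-'].freeze

# Split a raw Cookie header into [name, value] pairs without decoding either
# side, which is how the fixed CGI::Cookie.parse now treats names.
def split_cookie_header(header)
  pairs = []
  header.split(/;\s*/).each do |pair|
    name, value = pair.split('=', 2)
    next if name.nil? || name.empty?
    pairs << [name, value.to_s]
  end
  pairs
end

# Names that only match a reserved prefix once decoded. Literal
# "__Secure-"/"__Host-" names are left alone: those are the genuine cookies.
def spoofed_prefix_names(header)
  split_cookie_header(header).each_with_object([]) do |(name, _value), out|
    decoded = begin
      URI.decode_www_form_component(name)
    rescue ArgumentError # malformed %-escape: nothing to decode
      name
    end
    next if decoded == name
    out << name if COOKIE_PREFIXES.any? { |prefix| decoded.start_with?(prefix) }
  end
end

# Reports whether the cgi library on this interpreter still decodes names.
# The answer depends on the installed cgi/ruby version, so it is informational.
def cgi_cookie_parse_decodes_names?
  require 'cgi'
  CGI::Cookie.parse('%5F%5FSecure-probe=1').key?('__Secure-probe')
end

if $PROGRAM_NAME == __FILE__
  # Constructed header: one encoded spoof, one ordinary cookie, one genuine prefix.
  header = '%5F%5FSecure-id=1; session=abc; __Host-csrf=xyz'
  p spoofed_prefix_names(header)        # ["%5F%5FSecure-id"]
  p cgi_cookie_parse_decodes_names?
end
```

In a request filter, anything `spoofed_prefix_names` returns should be dropped before the cookie jar is consulted; the probe function is a quick way to confirm on a given host that the installed cgi library no longer decodes names, which is what the update above delivers.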
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5539-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5539-1 advisory. A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user...

CVSS 7.5 | AI Score 6.9 | EPSS 0.003 | 2022-07-29 12:00 AM | 37

talosblog

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products

By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code: ...

CVSS 9.8 | AI Score 0.4 | EPSS 0.009 | 2022-07-27 04:22 PM | 32

suse

Security update for the Linux Kernel (important)

An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

CVSS 8.2 | AI Score 0.7 | EPSS | 2022-07-22 12:00 AM | 119

nessus

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2520-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2520-1 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially...

CVSS 8.2 | AI Score 8.8 | EPSS 0.006 | 2022-07-22 12:00 AM | 15

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-015)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-015 advisory. A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to...

CVSS 8.2 | AI Score 8.1 | EPSS | 2022-07-21 12:00 AM | 22

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-017)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-017 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If...

CVSS 8.2 | AI Score 8.1 | EPSS | 2022-07-21 12:00 AM | 24

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-004)

The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-004 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If...

AI Score 7.9 | EPSS | 2022-07-21 12:00 AM | 28

nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5529-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5529-1 advisory. Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr...

CVSS 7.8 | AI Score 8.5 | EPSS 0.001 | 2022-07-21 12:00 AM | 79

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If...

CVSS 8.2 | AI Score 8.1 | EPSS | 2022-07-21 12:00 AM | 34

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-003)

The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-003 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If...

AI Score 7.9 | EPSS | 2022-07-21 12:00 AM | 171

nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-002)

The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-002 advisory. With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If...

CVSS 7.8 | AI Score 7.9 | EPSS | 2022-07-21 12:00 AM | 23

nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5514-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5514-1 advisory. A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user...

CVSS 7.5 | AI Score 6.9 | EPSS 0.003 | 2022-07-14 12:00 AM | 25

nessus

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5518-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5518-1 advisory. A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF...

CVSS 7.8 | AI Score 7.1 | EPSS 0.001 | 2022-07-14 12:00 AM | 114

nessus

CentOS 8 : ruby:2.6 (CESA-2022:5338)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5338 advisory. Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.5 | AI Score 0.4 | EPSS 0.004 | 2022-07-11 12:00 AM | 12

openbugbounty

al-ns1.ap.gov.br Cross Site Scripting vulnerability OBB-2740091

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: al-ns1.ap.gov.br. Open Bug...

AI Score -0.1 | 2022-07-07 02:40 PM | 11

zdi

Sante PACS Server SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the...

CVSS 9.8 | AI Score 3.5 | EPSS 0.009 | 2022-07-07 12:00 AM | 11

redhat

(RHSA-2022:5498) Moderate: Satellite 6.11 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c...

AI Score 8.7 | EPSS 0.186 | 2022-07-05 01:55 PM | 185

nessus

Oracle Linux 8 : ruby:2.6 (ELSA-2022-5338)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5338 advisory. There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion,...

CVSS 7.5 | AI Score 0.4 | EPSS 0.004 | 2022-07-01 12:00 AM | 47

nessus

RHEL 8 : ruby:2.6 (RHSA-2022:5338)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5338 advisory. ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) Note that Nessus has not tested for this issue but has instead relied only on...

CVSS 7.5 | AI Score 8.3 | EPSS 0.004 | 2022-07-01 12:00 AM | 18

oraclelinux

ruby:2.6 security, bug fix, and enhancement update

ruby [2.6.10-109] - Upgrade to Ruby 2.6.10. Resolves: rhbz#2088415 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power...

CVSS 7.5 | AI Score 2.3 | EPSS 0.004 | 2022-07-01 12:00 AM | 12

openbugbounty

pg-westpfalz.de Cross Site Scripting vulnerability OBB-2692868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score | 2022-06-28 05:46 PM | 10

redhat

(RHSA-2022:5338) Moderate: ruby:2.6 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.6.10). (BZ#2089374) Security Fix(es): Ruby: Buffer overrun in...

AI Score 2.7 | EPSS 0.004 | 2022-06-28 10:54 AM | 23

rocky

ruby:2.6 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is...

CVSS 7.5 | AI Score 7.8 | EPSS 0.004 | 2022-06-28 10:54 AM | 13

osv

Malicious code in winston-pg-native (npm)

Source: ghsa-malware (c5ce4395f11e08aabe826bbeccb1004202503971e7d29e5d42730ce51f7f44b3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score 7 | 2022-06-20 08:18 PM | 3

osv

pg-native and libpq vulnerable to uncontrolled resource consumption

pg-native before 3.0.1 and libpq before 1.8.10 are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in turn has the...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2022-06-18 12:00 AM | 66

Total number of security vulnerabilities: 3518