Dbd::pg Security Vulnerabilities

nvd

CVE-2022-25852

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....

7.5CVSS

0.001EPSS

2022-06-17 08:15 PM
cve

CVE-2022-25852

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....

7.5CVSS

7.5AI Score

0.001EPSS

2022-06-17 08:15 PM
40
4
prion

Design/Logic Flaw

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in.....

7.5CVSS

7.5AI Score

0.001EPSS

2022-06-17 08:15 PM
oraclelinux

Unbreakable Enterprise kernel-container security update

5.4.17-2136.308.7.el7 uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) x86/cpu:...

7.8CVSS

-0.4AI Score

0.0004EPSS

2022-06-14 12:00 AM
24
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) -...

7.8CVSS

-0.4AI Score

0.0004EPSS

2022-06-14 12:00 AM
36
nessus

Debian DSA-5161-1 : linux - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5161 advisory. A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker...

8.2CVSS

7.4AI Score

0.001EPSS

2022-06-13 12:00 AM
22
openbugbounty

pg-riders.at Cross Site Scripting vulnerability OBB-2646699

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-06-11 07:26 PM
8
osv

CVE-2022-2037

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to...

8CVSS

6.8AI Score

0.001EPSS

2022-06-09 05:15 PM
4
cve

CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

6.8CVSS

6.9AI Score

0.001EPSS

2022-06-02 02:15 PM
181
5
nvd

CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

6.8CVSS

0.001EPSS

2022-06-02 02:15 PM
2
debiancve

CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

6.8CVSS

7AI Score

0.001EPSS

2022-06-02 02:15 PM
59
prion

Null pointer dereference

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

6.8CVSS

6.9AI Score

0.001EPSS

2022-06-02 02:15 PM
12
osv

Malicious code in dai-pg (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (380a8ec5aad17aa31577c83a6d88aa6060b4631380bc351d846ef8b6d9d0a1e8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2022-06-02 10:38 AM
2
ubuntucve

CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

6.8CVSS

7AI Score

0.001EPSS

2022-06-02 12:00 AM
36
cvelist

CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer...

7.3AI Score

0.001EPSS

2022-05-31 06:48 PM
2
osv

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these....

8.8CVSS

6.9AI Score

0.002EPSS

2022-05-18 02:15 PM
8
osv

CVE-2022-23068

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational...

5.4CVSS

6.9AI Score

0.001EPSS

2022-05-18 02:15 PM
3
osv

Malicious code in pg-ng-popover (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (b7eae5ce3ffe7a6a45252fbf8e9e7baab3dd7e94d06676793c490eaa77094a06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2022-05-18 06:06 AM
2
rocky

new packages: rubygem-pg

An update is available for rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI Score

2022-05-17 07:32 AM
2
rocky

new packages: perl-DBD-Pg

An update is available for perl-DBD-Pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI Score

2022-05-17 07:12 AM
4
cnvd

TRENDnet TI-PG1284i Integer Underflow Vulnerability

The TRENDnet TI-PG Series is a series of switches from Trend Micro Networks (TRENDnet), Inc. A security vulnerability exists in previous versions of the TRENDnet TI-PG1284i 2.0.2.S0, and no details of the vulnerability are currently...

4.1AI Score

2022-05-13 12:00 AM
6
cnvd

TRENDnet TI-PG1284i null pointer dereference vulnerability

TRENDnet TI-PG Series is a series of switches from Trend Micro Networks (TRENDnet), Inc. A security vulnerability exists in versions prior to TRENDnet TI-PG1284i 2.0.2.S0, which could be exploited by an attacker to crash a process by sending crafted lldp packets to the...

2.9AI Score

2022-05-13 12:00 AM
7
almalinux

perl:5.32 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...

6.8AI Score

2022-05-10 08:09 AM
5
rocky

5.32 metadata for the Rocky Linux 8 module matrix (2/4)

An update is available for perl-DBD-Pg, perl-DBI, perl-IO-HTML, perl-LWP-MediaTypes, perl-Data-Dump, perl-FCGI, perl-HTTP-Message, perl-Net-HTTP, perl-File-pushd, perl-Try-Tiny, perl-Digest-HMAC, perl-HTML-Parser, perl-NTLM, perl-Mozilla-CA, perl-IO-Socket-SSL, perl-libwww-perl,...

2.1AI Score

2022-05-10 08:09 AM
7
rocky

new module: perl:5.32

An update is available for perl-Pod-Perldoc, perl-DBI, perl-IO-HTML, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Data-Dump, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template,.....

1.8AI Score

2022-05-10 08:05 AM
12
rocky

5.32 metadata for the Rocky Linux 8 module matrix (3/4)

An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...

2.1AI Score

2022-05-10 06:41 AM
8
rocky

5.32 metadata for the Rocky Linux 8 module matrix (1/4)

An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...

2.1AI Score

2022-05-10 06:40 AM
16
nessus

RHEL 7 : Satellite 6.10.5 Async Bug Fix Update (Important) (RHSA-2022:1708)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1708 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...

9.8CVSS

8.7AI Score

0.002EPSS

2022-05-05 12:00 AM
26
redhat

(RHSA-2022:1708) Important: Satellite 6.10.5 Async Bug Fix Update

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...

-0.1AI Score

0.002EPSS

2022-05-04 12:54 PM
17
osv

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a.....

7.8AI Score

0.011EPSS

2022-05-02 03:40 AM
5
github

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a.....

7.3AI Score

0.011EPSS

2022-05-02 03:40 AM
9
github

Elgg Reflected XSS Vulnerability

VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...

6.1CVSS

7.1AI Score

0.001EPSS

2022-04-22 12:24 AM
5
osv

Elgg Reflected XSS Vulnerability

VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...

6.1CVSS

6.9AI Score

0.001EPSS

2022-04-22 12:24 AM
2
hackerone

RubyGems: Possibility to guess email address from gravatar image URL

The hash used for gravatar used in rubygems.org is a simple md5, which could allow an attacker to guess the user's email address. https://en.gravatar.com/site/implement/hash/ https://github.com/chrislloyd/gravtastic/blob/master/lib/gravtastic.rb#L79 ruby def gravatar_id ...

6.6AI Score

2022-04-09 08:46 AM
3
wpexploit

Cab fare calculator < 1.0.4 - Unauthenticated LFI

The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable...

9.8CVSS

2AI Score

0.03EPSS

2022-03-30 12:00 AM
92
suse

Security update for the Linux Kernel (important)

An update that solves 12 vulnerabilities and has 25 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-25636: Fixed an issue which allowed a local users to...

7.8CVSS

-0.2AI Score

0.001EPSS

2022-03-30 12:00 AM
42
suse

Security update for the Linux Kernel (important)

An update that solves 22 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-25636: Fixed an issue which allowed a local users to...

7.8CVSS

-0.3AI Score

0.001EPSS

2022-03-30 12:00 AM
45
nvd

CVE-2022-23937

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange...

7.5CVSS

0.001EPSS

2022-03-29 02:15 AM
openbugbounty

620.pg-qq168.ws Cross Site Scripting vulnerability OBB-2447026

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score

2022-03-25 10:06 PM
8
nessus

AlmaLinux 8 : ruby:2.5 (ALSA-2022:0545)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0545 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue...

8.8CVSS

8.2AI Score

0.011EPSS

2022-03-11 12:00 AM
18
Total number of security vulnerabilities: 3518