13176 matches found
CVE-2024-9379
Ivanti Cloud Services Appliance (CSA) admin web console contains a SQL injection vulnerability (CVE-2024-9379) in versions prior to 5.0.2. The issue allows a remote attacker with admin privileges to execute arbitrary SQL statements. Remediation per sources is to upgrade to Ivanti CSA version 5.0....
CVE-2024-44349
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...
CVE-2024-44349
AnteeoWMS is affected by a SQL injection in the login portal present in versions prior to 4.7.34. The vulnerability allows unauthenticated attackers to inject SQL via the username parameter and potentially disclose data from the underlying database. The issue is documented across multiple sources...
CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...
CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...
CVE-2024-41512
CADClick v1.11.0 and earlier contains a SQL injection in ccHandler.aspx via the bomid parameter, enabling remote arbitrary SQL execution. Affected component: web API endpoint ccHandler.aspx; root cause: unsafely handling bomid leads to injection. Impact: potential data exposure, modification, or ...
CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...
Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 15.8 bsc1229013 CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
SUSE-SU-2024:3158-3 Security update for postgresql16
This update for postgresql16 fixes the following issues: - Upgrade to 15.8 bsc1229013 - CVE-2024-7348: PostgreSQL relation replacement during pgdump executes arbitrary SQL. bsc1229013...
Important: libpq
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Important: postgresql
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Important: postgresql
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
Important: postgresql
Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...
CVE-2024-39843
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs...
CVE-2024-39843
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs...
CVE-2024-39842
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...
CVE-2024-39842
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...
CVE-2024-39842
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs...
CVE-2024-39843
Centreon 24.04.2 is affected by a SQL injection vulnerability that allows a remote attacker to execute arbitrary SQL commands via the create user form inputs. Multiple sources describe the flaw as arising from lack of input validation when building SQL queries, enabling privilege escalation in af...
postgresql:16 security update
An update is available for postgres-decoderbufs, pgaudit, module.pgaudit, module.postgres-decoderbufs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL...