2341 matches found
OESA-2023-1576 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
OESA-2023-1577 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4
CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4. A patched version of the package is available...
USN-6296-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. CVE-2023-39417 It was discovered that PostgreSQL incorrectly handled the MERGE...
SUSE CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
DEBIAN-CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
AZL-27892 CVE-2023-39417 affecting package postgresql for versions less than 14.10-1
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
ALPINE-CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
UBUNTU-CVE-2023-39417
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
MAL-2023-1058 Malicious code in infocaster-frontend-bootstrap-4-starter (npm)
Source: ghsa-malware c55745943f07b53663bfc73b3b50663ca02b9b94e8897b082272ea0be460c533. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-4422 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: The issue is related to a SQL injection vulnerability in PostgreSQL extensions that use specific constructs (@extowner@, @extschema@, or @extschema:...@) inside quoting constructs (dollar...
AZL-34813 CVE-2023-37460 affecting package javapackages-bootstrap for versions less than 1.5.0-4
Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified Archiver/UnArchiver API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
WordPress Bootstrap Fitness Theme < 1.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Bootstrap Fitness; Type: Theme; Vulnerable versions: < 1.0.6; Fixed in: 1.0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 151cad56de76; Credits: Rafie Muhammad, Patchstack; Require...
WordPress Bootstrap Blog Theme < 10.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Bootstrap Blog; Type: Theme; Vulnerable versions: < 10.2.3; Fixed in: 10.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 930f23955c14; Credits: Rafie Muhammad, Patchstack; Required...
WordPress WS Bootstrap Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: WS Bootstrap; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: b19c745aa206; Credits: Rafie Muhammad, Patchstack; Required...
WordPress Bootstrap Coach Theme < 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Bootstrap Coach; Type: Theme; Vulnerable versions: < 1.1.2; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 56159c2dd7f6; Credits: Rafie Muhammad, Patchstack; Required...
USN-6230-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...
USN-6230-1 postgresql-9.5 vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...