129 matches found

NVD
added 2022/09/30 7:15 p.m. · 15 views

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVSS 8.8 · EPSS 0.00658
Exploits: 0 · References: 2
Prion
added 2022/09/30 7:15 p.m. · 12 views

Design/Logic Flaw

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVSS 6.5 · AI score 8.9 · EPSS 0.00658
Exploits: 0 · References: 2 · Affected Software: 2
CVE
added 2022/09/30 6:15 p.m. · 55 views

CVE-2022-40756

Actian Zen PSQL up to versions v15.11.005 (Zen 15 SP1), v15.01.017 (Zen 15), and v14.21.022 (Zen 14 SP2) is affected by a vulnerability where misconfigured folder security allows an attacker with file read/write access to delete specific security files, enabling reset of the master password and u...

CVSS 8.8 · AI score 8.8 · EPSS 0.00658
Exploits: 0 · References: 2 · Affected Software: 2
Cvelist
added 2022/09/30 6:15 p.m. · 18 views

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

AI score 9.1 · EPSS 0.00658
Exploits: 0 · References: 2
Vulnrichment
added 2022/09/30 6:15 p.m. · 8 views

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

AI score 8.9 · EPSS 0.00658
Exploits: 0 · References: 2
Positive Technologies
added 2022/09/30 12:0 a.m. · 4 views

PT-2022-25516 · Actian · Actian Zen Psql

Name of the Vulnerable Software and Affected Versions: Actian Zen PSQL versions prior to v15.11.005 Actian Zen PSQL versions prior to v15.01.017 Actian Zen PSQL versions prior to v14.21.022 Description: The issue arises when folder security is misconfigured, allowing an attacker with file...

CVSS 8.8 · AI score 8.4 · EPSS 0.00658
Exploits: 0 · References: 5
CNNVD
added 2022/09/30 12:0 a.m. · 2 views

Actian Zen security vulnerability

Actian Zen is a suite of embedded databases from Actian Corporation in the United States. A security vulnerability exists in Actian Zen PSQL BEFORE versions v15.11.005, v15.01.017, and v14.21.022 that stems from a folder security misconfiguration. An attacker exploiting this vulnerability could...

CVSS 8.8 · AI score 7.9 · EPSS 0.00658
Exploits: 0 · References: 3
CNNVD
added 2022/08/02 12:0 a.m. · 2 views

npm heroku-env command injection vulnerability

npm heroku-env is a package from npm USA. It is used to parse DATABASEURL from heroku configurations and split it into PG environment variables used by psql pgdump pgrestore and nodepostgres. A command injection vulnerability exists in all versions of heroku-env, which stems from the presence of...

CVSS 9.8 · AI score 8.3 · EPSS 0.0109
Exploits: 1 · References: 2
OpenVAS
added 2022/01/28 12:0 a.m. · 25 views

Mageia: Security Advisory (MGASA-2020-0432)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 8.4 · EPSS 0.4644
Exploits: 0 · References: 4
Tenable Nessus
added 2021/02/25 12:0 a.m. · 50 views

openSUSE Security Update : postgresql / postgresql13 (openSUSE-2021-337)

This update for postgresql, postgresql13 fixes the following issues : This update ships postgresql13. Upgrade to version 13.1 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694...

CVSS 8.8 · AI score 6.2 · EPSS 0.4644
Exploits: 0 · References: 11
Tenable Nessus
added 2021/02/01 12:0 a.m. · 233 views

CentOS 8 : postgresql:10 (CESA-2020:5567)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5567 advisory. - postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 - postgresql: Multiple features escape security restricted operati...

CVSS 8.8 · AI score 6.5 · EPSS 0.4644
Exploits: 0 · References: 4
Tenable Nessus
added 2021/02/01 12:0 a.m. · 39 views

CentOS 8 : postgresql:12 (CESA-2020:5620)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5620 advisory. - postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 - postgresql: Uncontrolled search path element in CREATE EXTENSION...

CVSS 8.8 · AI score 6.6 · EPSS 0.4644
Exploits: 0 · References: 7
RedHat Linux
added 2021/01/18 4:23 p.m. · 2 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
RedHat Linux
added 2021/01/18 10:2 a.m. · 1 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
Amazon
added 2021/01/15 12:0 a.m. · 47 views

Important: postgresql95, postgresql96

Issue Overview: A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text...

CVSS 8.8 · AI score 7.7 · EPSS 0.4644
Exploits: 0
RedHat Linux
added 2020/12/22 9:27 a.m. · 8 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
RedHat Linux
added 2020/12/21 10:11 a.m. · 0 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
RedHat Linux
added 2020/12/17 4:1 p.m. · 5 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
RedHat Linux
added 2020/12/17 3:56 p.m. · 6 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5
RedHat Linux
added 2020/12/14 12:58 p.m. · 1 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6 · AI score 7.5 · EPSS 0.02658
Exploits: 0 · References: 5