Lucene search

193 matches found

Redos
added 2024/08/07 12:0 a.m. · 18 views

ROS-20240807-07

A vulnerability in the implementation of the PreparedStatement.setText or PreparedStatement.setBytea methods of PgJDBC, the JDBC driver for connecting Java programs to a PostgreSQL database, is related to unsafe temporary files. Exploitation of the vulnerability could allow an attacker to disclose...

10 CVSS · 8.1 AI score · 0.0481 EPSS
Exploits 1
Rosalinux
added 2024/07/09 1:0 p.m. · 16 views

Advisory ROSA-SA-2024-2449

Software: postgresql 12.1; OS: ROSA Virtualization 2.1; packageevrstring: postgresql-12.1; CVE-ID: CVE-2020-1720; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability has been discovered in PostgreSQL "ALTER ... DEPENDS ON EXTENSION" where subcommands did not perform authorization checks. An...

6.5 CVSS · 7.8 AI score · 0.01425 EPSS
Exploits 2
Vulnrichment
added 2024/05/29 4:35 p.m. · 19 views

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 1 · References 4
CVE
added 2024/05/29 4:35 p.m. · 59 views

CVE-2024-34715

CVE-2024-34715 affects the Fides webserver, where improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...

3.3 CVSS · 3.4 AI score · 0.00275 EPSS
Exploits 1 · References 4 · Affected Software 1
RedHat Linux
added 2024/03/19 6:21 p.m. · 28 views

Important: Red Hat Security Advisory: postgresql security update

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

8 CVSS · 7.3 AI score · 0.01465 EPSS
Exploits 0 · References 2
OSV
added 2024/03/12 3:42 p.m. · 25 views

RLSA-2024:0950 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8 CVSS · 8.3 AI score · 0.01465 EPSS
Exploits 0 · References 2
NCSC
added 2024/03/11 12:0 a.m. · 4 views

Vulnerability fixed in pgAdmin

A vulnerability has been fixed in pgAdmin. An authenticated malicious party could exploit the vulnerability to execute arbitrary code with application privileges. Because pgAdmin was developed as a management tool for PostgreSQL databases, it is therefore not rule out the...

9.9 CVSS · 8.1 AI score · 0.79326 EPSS
Exploits 4
Positive Technologies
added 2024/03/01 12:0 a.m. · 2 views

PT-2024-21803

Name of the Vulnerable Software and Affected Versions: parse-server versions prior to 6.5.0; parse-server versions prior to 7.0.0-alpha.20. Description: This issue allows SQL injection when parse-server is configured to use the PostgreSQL database. A remote attacker could send specially-crafted SQL...

10 CVSS · 9 AI score · 0.0103 EPSS
Exploits 0 · References 17
OSV
added 2023/12/22 5:15 p.m. · 6 views

PYSEC-2023-287

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4.3 CVSS · 4.4 AI score · 0.00448 EPSS
Exploits 0 · References 7
RedHat Linux
added 2023/12/13 3:27 p.m. · 29 views

Important: Red Hat Security Advisory: postgresql:10 security update

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

8.8 CVSS · 7.2 AI score · 0.04322 EPSS
Exploits 0 · References 2
RedHat Linux
added 2023/12/13 8:6 a.m. · 59 views

Important: Red Hat Security Advisory: rh-postgresql12-postgresql security update

An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 6.8 AI score · 0.04322 EPSS
Exploits 0 · References 5
Debian
added 2023/11/03 8:21 a.m. · 14 views

[SECURITY] [DLA 3644-1] phppgadmin security update

Debian LTS Advisory DLA-3644-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 03, 2023 https://wiki.debian.org/LTS -...

9.8 CVSS · 9.8 AI score · 0.01097 EPSS
Exploits 0
Positive Technologies
added 2023/08/01 12:0 a.m. · 3 views

PT-2023-5455 · Unknown · Phppgadmin

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.14.4 and earlier Description: The issue is related to the unserialize function in the phpPgAdmin web tool for administering PostgreSQL databases, which is vulnerable due to shortcomings in the deserialization mechanism...

9.8 CVSS · 9.6 AI score · 0.01097 EPSS
Exploits 0 · References 23
BDU FSTEC
added 2023/06/05 12:0 a.m. · 5 views

The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures taken to protect the SQL query structure during data processing in MySQL/PostgreSQL databases. Exploiting this vulnerability allows attackers to execute arbitrary SQL code...

8.2 CVSS · 8.4 AI score · 0.00652 EPSS
Exploits 0 · References 7 · Affected Software 1
Rapid7 Blog
added 2022/09/12 2:43 p.m. · 35 views

InsightVM: Best Practices to Improve Your Console

Over the years, our recommendations and best practices for the InsightVM console have changed with the improvements and updates we’ve made to the system. Here are some of the most common improvements to help you get the most out of your InsightVM console in 2022. Ensure everything is up to date T...

7.3 AI score
Exploits 0
OSV
added 2022/08/03 7:15 p.m. · 2 views

DEBIAN-CVE-2022-31197

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

8 CVSS · 7 AI score · 0.01662 EPSS
Exploits 1 · References 1
Prion
added 2022/08/03 7:15 p.m. · 20 views

SQL injection

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

6 CVSS · 7.9 AI score · 0.01662 EPSS
Exploits 1 · References 5 · Affected Software 3
Positive Technologies
added 2022/06/23 12:0 a.m. · 3 views

PT-2022-5194 · Dell · Cloud Mobility For Dell Emc Storage

Name of the Vulnerable Software and Affected Versions: Cloud Mobility for Dell Storage versions 1.3.0 and earlier Description: The issue is related to improper authorization in the system, which can allow an attacker to access protected information. A threat actor with root-level access to either...

6.8 CVSS · 6.2 AI score · 0.00179 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/05/31 9:26 a.m. · 44 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 6.8 AI score · 0.11726 EPSS
Exploits 0 · References 2
NCSC
added 2022/02/03 12:0 a.m. · 2 views

Vulnerability fixed in PostgreSQL JDBC Driver

A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates to fix the vulnerability. More information can be...

9.8 CVSS · 7 AI score · 0.0301 EPSS
Exploits 1