Lucene search

13402 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 5 : postgresql (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Improper randomization of pgcrypto functions requiring random seed (CVE-2013-1900) - postgresql...

9.8 CVSS | 7.5 AI score | 0.61566 EPSS
Exploits 2 | References 16

Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 8 : postgresql (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214) - An issue was...

8.1 CVSS | 8.1 AI score | 0.02775 EPSS
Exploits 1 | References 4

Positive Technologies
added 2024/06/02 12:0 a.m. | 4 views

PT-2024-19294

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.8.1 through 2.8.5; Harbor versions 2.9.0 through 2.9.3; Harbor versions 2.10.0 through 2.10.1. Description: A SQL Injection issue allows users with administrator, project admin, or project maintainer roles to execute any Postgres...

5.5 CVSS | 6.1 AI score | 0.00417 EPSS
Exploits 0 | References 10

CBLMariner
added 2024/05/31 6:55 p.m. | 20 views

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1. A patched version of the package is available...

4.4 CVSS | 7.2 AI score | 0.02555 EPSS
Exploits 0

CBLMariner
added 2024/05/31 6:55 p.m. | 23 views

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1

CVE-2024-0985 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this issue...

8 CVSS | 7.3 AI score | 0.01465 EPSS
Exploits 0

CBLMariner
added 2024/05/31 6:55 p.m. | 21 views

CVE-2024-4317 affecting package postgresql for versions less than 16.3-1

CVE-2024-4317 affecting package postgresql for versions less than 16.3-1. An upgraded version of the package is available that resolves this issue...

4.3 CVSS | 7.3 AI score | 0.00722 EPSS
Exploits 0

Fedora
added 2024/05/31 2:14 a.m. | 25 views

[SECURITY] Fedora 39 Update: roundcubemail-1.6.7-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.3 AI score
Exploits 0

Fedora
added 2024/05/31 1:17 a.m. | 28 views

[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.3 AI score
Exploits 0

Ubuntu
added 2024/05/30 11:59 a.m. | 29 views

USN-6802-1: PostgreSQL vulnerability

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users. NOTE: This update will...

4.3 CVSS | 6.8 AI score | 0.00722 EPSS
Exploits 0

OSV
added 2024/05/30 11:59 a.m. | 6 views

USN-6802-1 postgresql-14, postgresql-15, postgresql-16 vulnerability

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users. NOTE: This update will...

4.3 CVSS | 7 AI score | 0.00722 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/05/30 12:0 a.m. | 19 views

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : PostgreSQL vulnerability (USN-6802-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6802-1 advisory. Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileg...

4.3 CVSS | 6.7 AI score | 0.00722 EPSS
Exploits 0 | References 2

OpenVAS
added 2024/05/30 12:0 a.m. | 16 views

Ubuntu: Security Advisory (USN-6802-1)

The remote host is missing an update for the...

4.3 CVSS | 6.2 AI score | 0.00722 EPSS
Exploits 0 | References 5

NVD
added 2024/05/29 5:16 p.m. | 25 views

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

3.3 CVSS | 3.5 AI score | 0.00275 EPSS
Exploits 1 | References 4

Vulnrichment
added 2024/05/29 4:35 p.m. | 19 views

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3 CVSS | 6.7 AI score | 0.00275 EPSS
Exploits 1 | References 4

Cvelist
added 2024/05/29 4:35 p.m. | 31 views

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3 CVSS | 3.4 AI score | 0.00275 EPSS
Exploits 1 | References 4

CVE
added 2024/05/29 4:35 p.m. | 62 views

CVE-2024-34715

CVE-2024-34715 affects the Fides webserver, where improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...

3.3 CVSS | 3.4 AI score | 0.00275 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2024/05/29 4:35 p.m. | 28 views

CVE-2024-34715 Partial Password Exposure Vulnerability in Fides Webserver Logs

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

2.3 CVSS | 4.5 AI score | 0.00275 EPSS
Exploits 1 | References 6

GitHub Security Blog
added 2024/05/29 3:25 p.m. | 52 views

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

3.3 CVSS | 7.2 AI score | 0.00275 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2024/05/29 3:25 p.m. | 23 views

GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

2.3 CVSS | 3.5 AI score | 0.00275 EPSS
Exploits 1 | References 6

GitHub Security Blog
added 2024/05/28 1:1 p.m. | 14 views

silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector

A potential SQL injection vulnerability was identified by using the silverstripe/postgresql database adapter. While unlikely to be exploitable, we have patched silverstripe/framework to ensure that table names are safely escaped before being passed to database adapters or user code...

8.1 AI score
Exploits 0 | References 5 | Affected Software 1