13409 matches found
CVE-2024-34532
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka query_deluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4. Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. This...
Yvan Dotet PostgreSQL Query Deluxe Security Vulnerability
Yvan Dotet PostgreSQL Query Deluxe is an application from Yvan Dotet, Inc. A security vulnerability exists in Yvan Dotet PostgreSQL Query Deluxe version 17.x up to and including 17.0.0.4. A remote attacker can exploit this vulnerability to gain privileges via the query parameter of...
The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2024-34532
CVE-2024-34532: A SQL injection in the “Yvan Dotet PostgreSQL Query Deluxe” module (query_deluxe) for 17.x prior to 17.0.0.4 allows a remote attacker to gain privileges via the query parameter in models/querydeluxe.py:QueryDeluxe::get_result_from_query. Affected software: Yvan Dotet PostgreSQL Q...
borgmatic: Shell Injection
Background: borgmatic is simple, configuration-driven backup software for servers and workstations. Description: Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact: Shell...
K000139489: PostgreSQL JDBC Driver vulnerability CVE-2024-1597
Security Advisory Description: pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...
CVE-2024-32979
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...
CVE-2024-32979 Reflected Cross-site Scripting potential in all object list views in Nautobot
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...
CVE-2024-32979
Nautobot (a Django-based network automation platform) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to improper handling and escaping of user-supplied query parameters. All filterable object-list views are susceptible to injecting malicious scripts via crafted URLs, pote...
Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management
Summary: IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar
Summary: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar. Vulnerability Details: CVEID: CVE-2024-1597. DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...
Important: Red Hat Security Advisory: postgresql-jdbc : Security Update
Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
CLSA-2024-1714462946 Fix CVE(s): CVE-2024-1013
SECURITY UPDATE: PostgreSQL driver: Fix incompatible pointer-to-integer types - debian/patches/CVE-2024-1013.patch: Fix out-of-bounds stack write by adjusting byte size in callee function - CVE-2024-1013...
RHEL 8 : postgresql-jdbc : Security Update (Important) (RHSA-2024:2624)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2624 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...