Lucene search

13409 matches found

Vulnrichment
added 2024/05/06 12:0 a.m. · 12 views

CVE-2024-34532

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka query_deluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query...

8.1 AI score · 0.00734 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/06 12:0 a.m. · 5 views

PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe

Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4
Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. This...

9.8 CVSS · 8.4 AI score · 0.00734 EPSS
Exploits 0 · References 4
CNNVD
added 2024/05/06 12:0 a.m. · 5 views

Yvan Dotet PostgreSQL Query Deluxe Security Vulnerability

Yvan Dotet PostgreSQL Query Deluxe is an application from Yvan Dotet, Inc. A security vulnerability exists in Yvan Dotet PostgreSQL Query Deluxe version 17.x up to and including 17.0.0.4. A remote attacker can exploit this vulnerability to gain privileges via the query parameter of...

9.8 CVSS · 7.3 AI score · 0.00734 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/05/06 12:0 a.m. · 7 views

The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the PostgreSQL software component used in Brocade SANnav network management systems is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5 CVSS · 5.4 AI score · 0.00112 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/05/06 12:0 a.m. · 16 views

CVE-2024-34532

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka query_deluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query...

8 AI score · 0.00734 EPSS
Exploits 0 · References 1
CVE
added 2024/05/06 12:0 a.m. · 55 views

CVE-2024-34532

CVE-2024-34532 : A SQL injection in the “Yvan Dotet PostgreSQL Query Deluxe” module (query_deluxe) for 17.x prior to 17.0.0.4 allows a remote attacker to gain privileges via the query parameter in models/querydeluxe.py:QueryDeluxe::get_result_from_query. Affected software: Yvan Dotet PostgreSQL Q...

9.8 CVSS · 8.1 AI score · 0.00734 EPSS
Exploits 0 · References 1
Gentoo Linux
added 2024/05/05 12:0 a.m. · 18 views

borgmatic: Shell Injection

Background: borgmatic is simple, configuration-driven backup software for servers and workstations. Description: Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact: Shell...

8.3 AI score
Exploits 0
F5 Networks
added 2024/05/02 11:24 a.m. · 39 views

K000139489: PostgreSQL JDBC Driver vulnerability CVE-2024-1597

Security Advisory Description: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...

10 CVSS · 8.2 AI score · 0.0481 EPSS
Exploits 0
NVD
added 2024/05/01 11:15 a.m. · 11 views

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

7.5 CVSS · 7.2 AI score · 0.00491 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/05/01 10:49 a.m. · 9 views

CVE-2024-32979 Reflected Cross-site Scripting potential in all object list views in Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

7.5 CVSS · 7.2 AI score · 0.00491 EPSS
Exploits 0 · References 4
Cvelist
added 2024/05/01 10:49 a.m. · 20 views

CVE-2024-32979 Reflected Cross-site Scripting potential in all object list views in Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

7.5 CVSS · 7.3 AI score · 0.00491 EPSS
Exploits 0 · References 4
CVE
added 2024/05/01 10:49 a.m. · 72 views

CVE-2024-32979

Nautobot (a Django-based network automation platform) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability due to improper handling and escaping of user-supplied query parameters. All filterable object-list views are susceptible to injecting malicious scripts via crafted URLs, pote...

7.5 CVSS · 7.2 AI score · 0.00491 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/05/01 10:49 a.m. · 31 views

CVE-2024-32979 Reflected Cross-site Scripting potential in all object list views in Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

7.5 CVSS · 6.8 AI score · 0.00491 EPSS
Exploits 0 · References 6
IBM Security Bulletins
added 2024/04/30 9:45 p.m. · 31 views

Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management

Summary: IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...

8.1 CVSS · 8.2 AI score · 0.01465 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/04/30 5:34 p.m. · 43 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar

Summary: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar. Vulnerability Details: CVEID: CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...

10 CVSS · 9.6 AI score · 0.0481 EPSS
Exploits 0 · Affected Software 1
RedHat Linux
added 2024/04/30 4:58 p.m. · 54 views

Important: Red Hat Security Advisory: postgresql-jdbc : Security Update

Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

10 CVSS · 7.2 AI score · 0.0481 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/04/30 4:58 p.m. · 4 views

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

10 CVSS · 6.9 AI score · 0.0481 EPSS
Exploits 0 · References 7
OSV
added 2024/04/30 7:42 a.m. · 5 views

CLSA-2024-1714462946 Fix CVE(s): CVE-2024-1013

SECURITY UPDATE: PostgreSQL driver: Fix incompatible pointer-to-integer types - debian/patches/CVE-2024-1013.patch: Fix out-of-bounds stack write by adjusting byte size in callee function - CVE-2024-1013...

7.8 CVSS · 7.1 AI score · 0.00284 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/04/30 12:0 a.m. · 27 views

RHEL 8 : postgresql-jdbc : Security Update (Important) (RHSA-2024:2624)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2624 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...

10 CVSS · 8 AI score · 0.0481 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/04/29 10:52 p.m. · 3 views

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

10 CVSS · 7.2 AI score · 0.0481 EPSS
Exploits 0 · References 7