13409 matches found
Fedora 37 : postgresql-jdbc (2023-42d6ba9bd6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-42d6ba9bd6 advisory. Rebase to 42.4.3 with fix of CVE-2022-41946. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Fedora 40 : postgresql-jdbc (2024-ed884c3203)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-ed884c3203 advisory. This rebase fixes CVE-2024-1597. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
RHEL 8 : Satellite 6.12.3 Async Security Update (Important) (RHSA-2023:1630)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1630 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...
RHEL 8 : Red Hat Virtualization (RHSA-2023:0759)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0759 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
RHEL 8 : RHUI 4.1.1 - Security Fixes and Enhancement Update (Important) (RHSA-2022:5602)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5602 advisory. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content...
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2 (RHSA-2022:5703)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5703 advisory. Red Hat Ansible Automation Platform integrates Red Hats automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, an...
RHEL 6 / 7 : rh-postgresql95-postgresql (RHSA-2018:2511)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2511 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstre...
RHEL 7 : rh-postgresql10-postgresql (RHSA-2018:2565)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2565 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...
RHEL 6 / 7 : rh-postgresql96-postgresql (RHSA-2017:3405)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3405 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: Privilege escalation flaws were found in th...
RHEL 6 / 7 : rh-postgresql96-postgresql (RHSA-2018:2566)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2566 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstre...
RHEL 7 : CloudForms 4.6.6 (RHSA-2018:3816)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3816 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
RHEL 7 : rh-postgresql10-postgresql (RHSA-2018:3757)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3757 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version:...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL [CVE-2024-0985]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY CVE-2024-0985. PostgreSQL is included as part of the utilities used by our Speech Services...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection in PostgreSQL JDBC Driver [CVE-2024-1597]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection in PostgreSQL JDBC Driver, through the use of the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL CVE-2024-1597. Postgres is...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5868 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when...
RHEL 9 : postgresql-jdbc (RHSA-2024:1999)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1999 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
Important: Red Hat Security Advisory: postgresql-jdbc security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
[SECURITY] Fedora 39 Update: pgadmin4-7.8-5.fc39
pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...
CVE-2024-29955
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...