13413 matches found
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
[SECURITY] Fedora 39 Update: pgadmin4-7.8-5.fc39
pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...
CVE-2024-29955
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
CVE-2024-29955
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
CVE-2024-29955
Summary (CVE-2024-29955): Brocade SANnav before v2.3.1 and v2.3.0a is affected by a vulnerability where a privileged user can print the SANnav encrypted key in PostgreSQL startup logs due to insufficient protection of registration data in the PostgreSQL component. This could allow attackers with ...
Security Bulletin: Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection.
Summary Postgresql JDBC is used by IBM Instana Observability as part of the instana-postgresql-sensor. CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL...
Broadcom Brocade SANnav 日志信息泄露漏洞
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.3.1, v2.3.0a, which originates from allowing a privileged user to print SANnav encryption keys in the PostgreSQL startup log...
SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...
Mageia: Security Advisory (MGASA-2024-0120)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated postgresql-jdbc packages fix security vulnerability
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
MGASA-2024-0120 Updated postgresql-jdbc packages fix security vulnerability
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...
CLSA-2024-1712837808 postgresql: Fix of CVE-2021-23214
CVE-2021-23214: Reject extraneous data after SSL or GSS encryption handshake...
CLSA-2024-1712837462 Fix CVE(s): CVE-2024-1013
SECURITY UPDATE: Fix incompatible pointer-to-integer types - debian/patch/CVE-2024-1013.patch: PostgreSQL driver: Fix incompatible pointer-to-integer types. This change is required to avoid a build failure with GCC 14. - CVE-2024-1013...
SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server
This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to SQL injection due to Postgresql JDBC driver (CVE-2023-45178)
Summary The Postgresql JDBC driver is shipped with IBM Tivoli Netcool Impact as a part of it's data source adapter connectivity. Information about security vulnerabilities affecting Postgresql JDBC driver has been published in a security bulletin. This bulletin identifies the steps to take to...
Exploit for Command Injection in Pgadmin Pgadmin_4
CVE-2024-3116RCEinpgadmin8.4 Making a lab and testing the...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image security update
A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...