Lucene search
K

13413 matches found

RedHat Linux
RedHat Linux
added 2024/04/23 2:29 p.m.4 views

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

10CVSS6.9AI score0.0481EPSS
Exploits0References7
Fedora
Fedora
added 2024/04/23 1:20 a.m.36 views

[SECURITY] Fedora 39 Update: pgadmin4-7.8-5.fc39

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

9.8CVSS7.5AI score0.64846EPSS
Exploits5
NVD
NVD
added 2024/04/17 10:15 p.m.13 views

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5.5CVSS5AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2024/04/17 10:15 p.m.3 views

CVE-2024-29955

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5.5CVSS7.3AI score0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 10:11 p.m.10 views

CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS6.7AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 10:11 p.m.17 views

CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS5.3AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2024/04/17 10:11 p.m.61 views

CVE-2024-29955

Summary (CVE-2024-29955): Brocade SANnav before v2.3.1 and v2.3.0a is affected by a vulnerability where a privileged user can print the SANnav encrypted key in PostgreSQL startup logs due to insufficient protection of registration data in the PostgreSQL component. This could allow attackers with ...

5.5CVSS6.5AI score0.00112EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 1:11 p.m.37 views

Security Bulletin: Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection.

Summary Postgresql JDBC is used by IBM Instana Observability as part of the instana-postgresql-sensor. CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL...

10CVSS9.6AI score0.0481EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.3 views

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.3.1, v2.3.0a, which originates from allowing a privileged user to print SANnav encryption keys in the PostgreSQL startup log...

5.5CVSS8.8AI score0.00112EPSS
Exploits0References2
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

SANnav encrypted key in PostgreSQL startup logs (CVE-2024-29955)

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

5CVSS6.9AI score0.00112EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.34 views

Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is ...

7.5CVSS7.9AI score0.01572EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/04/12 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2024-0120)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.0481EPSS
Exploits0References4
Mageia
Mageia
added 2024/04/11 11:58 p.m.43 views

Updated postgresql-jdbc packages fix security vulnerability

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.8AI score0.0481EPSS
Exploits0References2
OSV
OSV
added 2024/04/11 11:58 p.m.7 views

MGASA-2024-0120 Updated postgresql-jdbc packages fix security vulnerability

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a strin...

10CVSS7.8AI score0.0481EPSS
Exploits0References3
OSV
OSV
added 2024/04/11 12:16 p.m.4 views

CLSA-2024-1712837808 postgresql: Fix of CVE-2021-23214

CVE-2021-23214: Reject extraneous data after SSL or GSS encryption handshake...

8.1CVSS5.8AI score0.01901EPSS
Exploits0References1
OSV
OSV
added 2024/04/11 12:11 p.m.5 views

CLSA-2024-1712837462 Fix CVE(s): CVE-2024-1013

SECURITY UPDATE: Fix incompatible pointer-to-integer types - debian/patch/CVE-2024-1013.patch: PostgreSQL driver: Fix incompatible pointer-to-integer types. This change is required to avoid a build failure with GCC 14. - CVE-2024-1013...

7.8CVSS7AI score0.00284EPSS
Exploits0References1
Atlassian
Atlassian
added 2024/04/10 7:45 a.m.55 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Jira Software Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, and 9.14.0 of Jira Software Data Center and Server. Jira Software Data Center is unaffected by...

10CVSS9.7AI score0.0481EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/09 7:9 p.m.35 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to SQL injection due to Postgresql JDBC driver (CVE-2023-45178)

Summary The Postgresql JDBC driver is shipped with IBM Tivoli Netcool Impact as a part of it's data source adapter connectivity. Information about security vulnerabilities affecting Postgresql JDBC driver has been published in a security bulletin. This bulletin identifies the steps to take to...

10CVSS8.7AI score0.0481EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2024/04/07 11:3 p.m.736 views

Exploit for Command Injection in Pgadmin Pgadmin_4

CVE-2024-3116RCEinpgadmin8.4 Making a lab and testing the...

9.8CVSS10AI score0.64846EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2024/04/04 9:32 p.m.43 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.2AI score0.0481EPSS
Exploits1References6
Rows per page
Query Builder