13410 matches found
Important: Red Hat Security Advisory: postgresql-jdbc: security update
An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.12 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of...
RHEL 9 : postgresql-jdbc: (RHSA-2024:1649)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1649 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...
Security Bulletin: IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597
Summary IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597. This bulletin contains information regarding the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote...
BIT-PARSE-2024-27298 Parse Server literalizeRegexPart SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0...
ROS-20240329-12
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240329-13
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240329-14
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240329-11
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
Security Bulletin: Due to use of PostgreSQL JDBC Driver (PgJDBC), IBM Cloud Pak for AIOps is vulnerable to SQL injection
Summary PostgreSQL JDBC Driver is used by IBM Cloud Pak for AIOps for connection configuration CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injectio...
Moderate: Red Hat Security Advisory: Satellite 6.14.3 Async Security Update
An update is now available for Red Hat Satellite 6.14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
RLSA-2024:1435 Important: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...
postgresql-jdbc security update
An update is available for postgresql-jdbc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...
Rocky Linux 8 : postgresql-jdbc (RLSA-2024:1435)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1435 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is n...
CVE-2024-29196
CVE-2024-29196 affects phpMyFAQ with a Path Traversal in Attachments. The vulnerability allows attackers with admin rights to upload malicious files to locations outside the intended attachments directory, potentially affecting the web root. Public advisories confirm the issue exists in versions ...
CVE-2024-29179
CVE-2024-29179 concerns phpMyFAQ, an open source FAQ app. The vulnerability arises when an administrator uploads an attachment containing JavaScript code without an extension; the application then renders the attachment as HTML, enabling stored XSS. Attacks require admin privileges and leverage t...
CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...
CVE-2024-28106
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...
CVE-2024-28108
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...