13410 matches found

RedHat Linux
added 2024/04/02 8:53 p.m. | 45 views

Important: Red Hat Security Advisory: postgresql-jdbc: security update

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 10 | AI score 7.2 | EPSS 0.0481
Exploits 0 | References 2

RedHat Linux
added 2024/04/02 8:53 p.m. | 2 views

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

CVSS 10 | AI score 6.9 | EPSS 0.0481
Exploits 0 | References 7

IBM Security Bulletins
added 2024/04/02 11:6 a.m. | 58 views

Security Bulletin: Netcool Operations Insights 1.6.12 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.12 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of...

CVSS 10 | AI score 10 | EPSS 0.25939
Exploits 6 | Affected Software 1

Tenable Nessus
added 2024/04/02 12:0 a.m. | 15 views

RHEL 9 : postgresql-jdbc: (RHSA-2024:1649)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1649 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...

CVSS 10 | AI score 8 | EPSS 0.0481
Exploits 0 | References 4

IBM Security Bulletins
added 2024/04/01 7:41 a.m. | 54 views

Security Bulletin: IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597

Summary IBM Maximo Application Suite uses postgresql-42.3.8.jar which is vulnerable to CVE-2024-1597. This bulletin contains information regarding the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote...

CVSS 10 | AI score 9.6 | EPSS 0.0481
Exploits 0 | Affected Software 1

OSV
added 2024/03/31 6:25 p.m. | 25 views

BIT-PARSE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0...

CVSS 10 | AI score 7.2 | EPSS 0.0103
Exploits 0 | References 6

Redos
added 2024/03/29 12:0 a.m. | 31 views

ROS-20240329-12

Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...

CVSS 8.8 | AI score 9.5 | EPSS 0.04322
Exploits 0

Redos
added 2024/03/29 12:0 a.m. | 37 views

ROS-20240329-13

Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...

CVSS 8.8 | AI score 9.1 | EPSS 0.04322
Exploits 0

Redos
added 2024/03/29 12:0 a.m. | 39 views

ROS-20240329-14

Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...

CVSS 8.8 | AI score 9.2 | EPSS 0.04322
Exploits 0

Redos
added 2024/03/29 12:0 a.m. | 36 views

ROS-20240329-11

Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pg_signal_backend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...

CVSS 8.8 | AI score 9.5 | EPSS 0.04322
Exploits 0

IBM Security Bulletins
added 2024/03/27 8:11 p.m. | 42 views

Security Bulletin: Due to use of PostgreSQL JDBC Driver (PgJDBC), IBM Cloud Pak for AIOps is vulnerable to SQL injection

Summary PostgreSQL JDBC Driver is used by IBM Cloud Pak for AIOps for connection configuration CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injectio...

CVSS 10 | AI score 9.8 | EPSS 0.0481
Exploits 0 | Affected Software 1

RedHat Linux
added 2024/03/27 1:22 p.m. | 50 views

Moderate: Red Hat Security Advisory: Satellite 6.14.3 Async Security Update

An update is now available for Red Hat Satellite 6.14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 6.8 | EPSS 0.76875
Exploits 19 | References 23

OSV
added 2024/03/27 4:34 a.m. | 28 views

RLSA-2024:1435 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE CVE-2024-1597...

CVSS 10 | AI score 9.8 | EPSS 0.0481
Exploits 0 | References 2

Rockylinux
added 2024/03/27 4:34 a.m. | 39 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...

CVSS 10 | AI score 7.7 | EPSS 0.0481
Exploits 0

Tenable Nessus
added 2024/03/27 12:0 a.m. | 23 views

Rocky Linux 8 : postgresql-jdbc (RLSA-2024:1435)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1435 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is n...

CVSS 10 | AI score 7.8 | EPSS 0.0481
Exploits 0 | References 3

CVE
added 2024/03/26 3:1 a.m. | 75 views

CVE-2024-29196

CVE-2024-29196 affects phpMyFAQ with a Path Traversal in Attachments. The vulnerability allows attackers with admin rights to upload malicious files to locations outside the intended attachments directory, potentially affecting the web root. Public advisories confirm the issue exists in versions ...

CVSS 3.8 | AI score 4 | EPSS 0.00587
Exploits 1 | References 2 | Affected Software 1

CVE
added 2024/03/25 8:27 p.m. | 68 views

CVE-2024-29179

CVE-2024-29179 concerns phpMyFAQ, an open source FAQ app. The vulnerability arises when an administrator uploads an attachment containing JavaScript code without an extension; the application then renders the attachment as HTML, enabling stored XSS. Attacks require admin privileges and leverage t...

CVSS 4.8 | AI score 4.6 | EPSS 0.00508
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2024/03/25 8:27 p.m. | 21 views

CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

CVSS 4.3 | AI score 5.3 | EPSS 0.00508
Exploits 1 | References 1

NVD
added 2024/03/25 7:15 p.m. | 16 views

CVE-2024-28106

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

CVSS 5.4 | AI score 4.4 | EPSS 0.00542
Exploits 1 | References 2

NVD
added 2024/03/25 7:15 p.m. | 18 views

CVE-2024-28108

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. Also, requires that adding n...

CVSS 6.1 | AI score 4.7 | EPSS 0.00539
Exploits 1 | References 2