Lucene search

1152 matches found

OSV
added 2023/06/16 10:15 a.m. · 15 views

CVE-2023-2785

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...

4.3 CVSS · 7 AI score
Exploits 0 · References 1
NVD
added 2023/06/16 10:15 a.m. · 13 views

CVE-2023-2785

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...

4.3 CVSS · 4.5 AI score · 0.006 EPSS
Exploits 0 · References 1
CVE
added 2023/06/16 9:7 a.m. · 44 views

CVE-2023-2785

Mattermost contains a vulnerability (CVE-2023-2785) where failure to properly truncate PostgreSQL log messages for failed search queries can allow an attacker to generate large log files, potentially leading to Denial of Service. Affected software is Mattermost; the root cause is truncation of er...

4.3 CVSS · 4.5 AI score · 0.006 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/06/16 9:7 a.m. · 10 views

CVE-2023-2785 Specially crafted search query can cause large log entries in postgres

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...

4.3 CVSS · 6.7 AI score · 0.006 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/16 9:7 a.m. · 20 views

CVE-2023-2785 Specially crafted search query can cause large log entries in postgres

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...

4.3 CVSS · 4.8 AI score · 0.006 EPSS
Exploits 0 · References 1
CNNVD
added 2023/06/16 12:0 a.m. · 3 views

rudder-server SQL injection vulnerability

rudder-server is an open source niche-focused privacy and security alternative from RudderStack. A SQL injection vulnerability exists in versions prior to rudder-server 1.3.0-rc.1 that stems from the rudder role in PostgreSQL having superuser privileges by default, which can lead to remote code...

8.8 CVSS · 8.8 AI score · 0.85825 EPSS
Exploits 4 · References 9
Snyk
added 2023/05/09 3:6 p.m. · 1 views

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Overview Affected versions of this package are vulnerable to Improper Enforcement of Message Integrity During Transmission in a Communication Channel when the connection to servers with TLS enabled, a man-in-the-middle attacker can inject false responses to the client's first few queries...

5.9 CVSS · 6.9 AI score · 0.0049 EPSS
Exploits 0 · References 2
NVD
added 2023/04/23 8:15 p.m. · 13 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

7.5 CVSS · 7.5 AI score · 0.0043 EPSS
Exploits 0 · References 5
Prion
added 2023/04/23 8:15 p.m. · 20 views

Code injection

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

5 CVSS · 7.5 AI score · 0.0043 EPSS
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2023/04/23 12:0 a.m. · 3 views

EnterpriseDB EDB Postgres Advanced Server security vulnerability

EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...

7.5 CVSS · 7.3 AI score · 0.0043 EPSS
Exploits 0 · References 6
Cvelist
added 2023/04/23 12:0 a.m. · 12 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

7.7 AI score · 0.0043 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/04/23 12:0 a.m. · 5 views

PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...

7.5 CVSS · 7.4 AI score · 0.0043 EPSS
Exploits 0 · References 9
CVE
added 2023/04/23 12:0 a.m. · 39 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...

7.5 CVSS · 7.5 AI score · 0.0043 EPSS
Exploits 0 · References 5 · Affected Software 1
Rockylinux
added 2023/04/06 3:52 p.m. · 33 views

postgresql:13 security update

An update is available for module.pgaudit, module.postgres-decoderbufs, postgresql, pgrepack, postgres-decoderbufs, module.postgresql, pgaudit, module.pgrepack. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8 CVSS · 6.7 AI score · 0.0152 EPSS
Exploits 0
Tenable Nessus
added 2023/03/17 12:0 a.m. · 31 views

ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation

The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres...

6.5 CVSS · 6.6 AI score · 0.06308 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/03/17 12:0 a.m. · 68 views

ManageEngine AssetExplorer < 6.9 Build 6988 Multiple Vulnerabilities

The version of ManageEngine AssetExplorer prior to 6.9 Build 6988 is running on the remote web server. It is, therefore, affected by multiple vulnerabilities, including the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to...

7.5 CVSS · 6.8 AI score · 0.34065 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/03/15 12:0 a.m. · 50 views

ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities

The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. It is, therefore, affected by multiple vulnerabilities, including the following: - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates...

7.5 CVSS · 6.8 AI score · 0.34065 EPSS
Exploits 0 · References 5
The Hacker News
added 2023/03/14 12:2 p.m. · 2 views

GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...

6.7 AI score
Exploits 0
Imperva Blog
added 2023/03/08 11:35 p.m. · 18 views

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...

1.1 AI score
Exploits 0
F5 Networks
added 2023/02/21 7:57 p.m. · 256 views

K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626

Security Advisory Description CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers...

8.8 CVSS · 9.4 AI score · 0.5838 EPSS
Exploits 3