1152 matches found
Oracle Linux 8 : php:8.0 (ELSA-2022-7624)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7624 advisory. libzip 1.7.3-1 - update to 1.7.3; php-pecl-apcu 5.1.20-1 - update to 5.1.20; php-pecl-rrd 2.0.3-1 - update to 2.0.3; php-pecl-xdebug3 3.1.2-1 - update to...
AlmaLinux 8 : php:8.0 (ALSA-2022:7624)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7624 advisory. php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708); php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625). Tenable...
GHSA-FFWF-47X2-JPR8 Matrix-appservice-irc vulnerable to sql injection via roomIds argument
A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is...
SQL injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 is able to...
matrix-appservice-irc security vulnerability
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...
PT-2022-24988 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1. Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to SQL injection. Upgrading to version 0.36.0 addresses thi...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2022-2582)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Improper access control
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Cloud Mobility for Dell EMC Storage security vulnerability
Cloud Mobility for Dell EMC Storage is a Dell USA feature that supports the transfer, storage and access of volume snapshot copies between compatible local Dell EMC storage devices and public cloud object storage. An access control error vulnerability exists in Cloud Mobility for Dell EMC Storage...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2022-2582)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...
AlmaLinux 8 : php:7.4 (ALSA-2022:6158)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6158 advisory. php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625). Tenable has extracted the preceding description block directly from the AlmaLinux security...
Oracle Linux 8 : php:7.4 (ELSA-2022-6158)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6158 advisory. php 7.4.19-4 - fix uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625). Tenable has extracted the preceding description block directly from the...
php: Uninitialized array in pg_query_params() leading to RCE
A vulnerability was found in PHP due to an uninitialized array in the pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...
The vulnerability of the implementation of the “java.sql.ResultRow.refreshRow()” method in the JDBC driver (PgJDBC) allows a hacker to execute arbitrary code.
The vulnerability of the “java.sql.ResultRow.refreshRow” method implementation in the JDBC driver PgJDBC is related to the lack of security measures for handling SQL queries. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted SQL query remote...
USN-5571-1 postgresql-10, postgresql-12, postgresql-14 vulnerability
Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated...
EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2229)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters...
CVE-2022-35942
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...
SQL injection
Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...