CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

CVE-2022-35942

The CVE-2022-35942 issue affects loopback-connector-postgresql (LoopBack) where improper input validation of the contains filter allows SQL injection when interpreted by the PostgreSQL connector. A patch was released in loopback-connector-postgresql v5.5.1 to fix this. Impacts include cases where...

CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

npm heroku-env 命令注入漏洞

npm heroku-env is a package from npm USA. It is used to parse DATABASEURL from heroku configurations and split it into PG environment variables used by psql pgdump pgrestore and nodepostgres. A command injection vulnerability exists in all versions of heroku-env, which stems from the presence of...

[SECURITY] Fedora 36 Update: golang-github-boltdb-bolt-1.3.1-16.fc36

Bolt is a pure Go key/value store inspired by Howard Chu's LMDB project. The goal of the project is to provide a simple, fast, and reliable database for projects that don't require a full database server such as Postgres or MySQL. Since Bolt is meant to be used as such a low-level piece of...

Debian DSA-5179-1 : php7.4 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5179 advisory. Charles Fol discovered two security issues in PHP, a widely-used open source general purpose scripting language which could result an denial of service or...

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2292-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like...

SUSE SLES15 Security Update : php8 (SUSE-SU-2022:2303-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2303-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like...

Ubuntu 18.04 LTS : PHP regression (USN-5479-3)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5479-3 advisory. USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We...

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:2275-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2275-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

openSUSE: Security Advisory for php7 (SUSE-SU-2022:2292-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:2303-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2021-21707: Fixed a special character that breaks path in xml parsing. bsc1193041 - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when...

SUSE: Security Advisory (SUSE-SU-2022:2275-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for php7 (SUSE-SU-2022:2275-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:2275-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...

Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5479-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5479-2 advisory. USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...

TypeORM SQL Injection Vulnerability

typeorm CVE-2022-33171 findOneid, findOneOrFailid The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to S...

SUSE: Security Advisory (SUSE-SU-2022:2183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : php72 (SUSE-SU-2022:2183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2183-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...