82 matches found
Astra Linux - уязвимость в postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
EUVD-2008-2098
Malware in sbrugna...
ROS-20250430-01
A vulnerability in the BusyBox set of command line utilities is related to a post-release usage error in the awk applet. Exploitation of the vulnerability could allow an attacker acting remotely, compromise a vulnerable system The BusyBox command line utility set vulnerability is related to a NUL...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
OESA-2025-1153 postgresql security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
DEBIAN-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
UBUNTU-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...
EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1793)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that inclu...
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...
OpenSSL 3.0.0 < 3.0.9 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.9 advisory. - The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate...
K35040315: glibc vulnerability CVE-2016-10739
Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a...
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...
CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...
Moderate: Red Hat Security Advisory: 389-ds:1.4 security update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Low: 389-ds:1.4 security and bug fix update
389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: double free of the virtual attribute context in persistent search...