25 matches found
TencentOS Server 2: postgresql (TSSA-2023:0317)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0317 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2025-24375 MySQL K8s charm could leak credentials for root-level user `serverconfig`
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling SQL DDL or Python-based mysql-shell scripts can leak database users' credentials. The way mysql-operator calls the mysql-shell application relies on writing to a temporary...
RHEL 7 : rh-postgresql12-postgresql (RHSA-2023:7770)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7770 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflo...
CVE-2023-3221
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
Information Disclosure
pgpool2 is vulnerable to Information Disclosure. Database users' authentication information may be obtained by another user, potentially altering or suspending the database...
CVE-2022-3781
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote...
Oracle Linux 7 : postgresql (ELSA-2021-2397)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2397 advisory. - Fix CVE-2021-32027 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
FreeBSD : PostgreSQL server -- two security issues (62da9702-b4cc-11eb-b9c9-6cc21735f730)
The PostgreSQL project reports: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can...
CVE-2021-23276
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the database...
Cpanel Security Breach
Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel 92.0.9, which stems from a program that allows MySQL users using...
ZSQL: Check For Unknown Users In Database
Checks whether there are unknown users in DBUSERS. Unknown users may threaten database security. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs
Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and...
Cloudera HUE User Enumeration Vulnerability
Cloudera Hue is an open source Apache Hadoop UI system from the U.S. company Cloudera. A user enumeration vulnerability exists in Cloudera HUE. A remote attacker can exploit the vulnerability to gain access to the enumerated database users...
Code injection
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
CVE-2016-6145
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
Oracle E-Business Suite - Database user enumeration vulnerability
Application: E-Business Suite. Vendor URL: Oracle. Bugs: User enumeration. Reported: 17.07.2015. Vendor response: 24.07.2015. Date of Public Advisory: 20.10.2015. Reference: Oracle CPU Oct 2015. Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan). VULNERABILITY INFORMATION Class:...
CVE-2014-6283
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the...
Buffer overflow
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the...
nightfall personal diary 1.0 (xss/dd) Multiple Vulnerabilities
OffensiveTrack. Tunisian Muslim. Found by: OffensiveTrack. Author: AlpHaNiX. Website: www.offensivetrack.org. Contact: AlpHaATHACKERDOTBZ. Script: NightFall. Download:...
Ubuntu Update for postgresql-9.1 USN-1542-1
Ubuntu Update for Linux kernel vulnerabilities USN-1542-1. OpenVAS Vulnerability Test $Id: gbubuntuUSN15421.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for postgresql-9.1 USN-1542-1. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.n...