Lucene search
K

200 matches found

RedHat Linux
RedHat Linux
added 2023/12/20 9:43 a.m.41 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.8CVSS6.8AI score0.04322EPSS
Exploits0References6
OSV
OSV
added 2023/12/13 12:0 a.m.37 views

ALSA-2023:7785 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS8.2AI score0.04322EPSS
Exploits0References12
OSV
OSV
added 2023/12/06 11:16 p.m.32 views

RLSA-2023:7581 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 postgresql: extension script @substitutions@...

8.8CVSS8.2AI score0.04322EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2023/12/06 11:16 p.m.29 views

postgresql:13 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS6.8AI score0.04322EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/29 2:18 p.m.40 views

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.8CVSS6.8AI score0.04322EPSS
Exploits0References9
OSV
OSV
added 2023/11/14 6:27 p.m.34 views

GHSA-6HJJ-GQ77-J4QW Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview In all current versions of Label Studio, the application allow...

7.5CVSS7.5AI score0.04055EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2023/11/14 6:27 p.m.53 views

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview In all current versions of Label Studio, the application allow...

7.5CVSS7AI score0.04055EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2023/11/13 9:15 p.m.15 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS7.4AI score0.04055EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/11/13 8:13 p.m.43 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS7.7AI score0.04055EPSS
Exploits3References2
OSV
OSV
added 2023/11/13 8:13 p.m.36 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.5AI score0.04055EPSS
Exploits3References4
CVE
CVE
added 2023/11/10 6:11 p.m.61 views

CVE-2023-47128

Piccolo ORM (Python) before 1.1.1 is vulnerable to SQL injection via named transaction savepoints. The root cause is building and executing SAVEPOINT commands with user-supplied input using f-strings, which can lead to arbitrary read/modify operations and even server compromise per the descriptio...

9.1CVSS9.6AI score0.00776EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/11/10 6:11 p.m.52 views

CVE-2023-47128 piccolo SQL Injection via named transaction savepoints

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1CVSS9.8AI score0.00776EPSS
Exploits1References2
OSV
OSV
added 2023/11/10 6:11 p.m.33 views

CVE-2023-47128 piccolo SQL Injection via named transaction savepoints

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1CVSS9.6AI score0.00776EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2023/10/06 11:10 p.m.62 views

postgresql:12 security update

An update is available for module.pgaudit, postgresql, pgaudit, module.pgrepack, module.postgres-decoderbufs, pgrepack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.2CVSS6.7AI score0.0119EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/08/08 8:46 a.m.34 views

Moderate: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.2CVSS6.7AI score0.0119EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2023/08/08 12:0 a.m.38 views

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 postgresql: Client memory disclosure...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References8
OSV
OSV
added 2023/07/31 12:0 a.m.39 views

ALSA-2023:4327 Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.4AI score0.0119EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/06/28 7:24 a.m.5 views

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution RCE on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping ORM library and prepared statements," SonarSource researcher Thomas...

9.8CVSS8.4AI score0.0115EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2023/06/21 12:0 a.m.36 views

Moderate: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/04/11 2:30 p.m.29 views

Moderate: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8CVSS6.7AI score0.0152EPSS
Exploits0References3
Rows per page
Query Builder