postgresql:13 security update

An update is available for module.pgaudit, module.postgres-decoderbufs, postgresql, pgrepack, postgres-decoderbufs, module.postgresql, pgaudit, module.pgrepack. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation

The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres...

ManageEngine AssetExplorer < 6.9 Build 6988 Multiple Vulnerabilities

The version of ManageEngine AssetExplorer prior to 6.9 Build 6988 is running on the remote web server. It is, therefore, affected by multiple vulnerabilities, including the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to...

ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities

The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. It is, therefore, affected by multiple vulnerabilities, including the following: - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates...

GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...

K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626

Security Advisory Description CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers...

Faraday - Open Source Vulnerability Management Platform

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on...

SUSE CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

SUSE CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

SUSE CVE-2009-1341

Memory leak in the dequotebytea function in quote.c in the DBD::Pg aka DBD-Pg or libdbd-pg-perl module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service memory consumption by fetching data with BYTEA columns...

SUSE CVE-2014-2669

Multiple integer overflows in contrib/hstore/hstoreio.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the 1 hstorerecv, 2 hstorefromarrays, and 3 hstorefromarray...

SUSE CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

SUSE CVE-2020-14350

It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...

CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

PgHero 安全漏洞

PgHero is a performance dashboard for Postgres by Andrew Kane, an individual developer. A security vulnerability exists in versions of PgHero prior to 3.1.0 that stems from a malicious PgHero user being able to use the EXPLAIN function to extract data from a database and pass certain inputs, whic...

Debian dla-3243 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3243 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3243-1 [email protected]...

CVE-2022-46792

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...

Hardcoded credentials

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...

PT-2022-27980 · Hasura · Hasura Graphql Engine

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL Engine versions prior to 2.10.0 are not affected, but versions from 2.10.0 through 2.15.1 are affected, excluding fixed versions 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. To simplify, the affected versions are: Hasura...