
1136 matches found

Tenable Nessus
added 2022/08/25 12:0 a.m., 64 views

Oracle Linux 8 : php:7.4 (ELSA-2022-6158)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6158 advisory. php 7.4.19-4 - fix uninitialized array in pg_query_params leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the...

8.1 CVSS | 8 AI score | 0.01479 EPSS
Exploits: 1 | References: 2

RedHat Linux
added 2022/08/24 5:25 p.m., 4 views

php: Uninitialized array in pg_query_params() leading to RCE

A vulnerability was found in PHP due to an uninitialized array in the pg_query_params function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...

8.1 CVSS | 7.8 AI score | 0.01479 EPSS
Exploits: 1 | References: 5

OSV
added 2022/08/18 4:19 p.m., 0 views

USN-5571-1 postgresql-10, postgresql-12, postgresql-14 vulnerability

Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated...

8 CVSS | 7.2 AI score | 0.00973 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2022/08/17 12:0 a.m., 70 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2229)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters...

8.8 CVSS | 9.1 AI score | 0.1024 EPSS
Exploits: 3 | References: 3

NVD
added 2022/08/12 11:15 p.m., 12 views

CVE-2022-35942

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

10 CVSS | 0.00192 EPSS
Exploits: 0 | References: 2

Prion
added 2022/08/12 11:15 p.m., 35 views

SQL injection

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

7.5 CVSS | 9.8 AI score | 0.00192 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/08/12 10:25 p.m., 19 views

CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

9.3 CVSS | 9.2 AI score | 0.00192 EPSS
Exploits: 0 | References: 4

CVE
added 2022/08/12 10:25 p.m., 124 views

CVE-2022-35942

The CVE-2022-35942 issue affects loopback-connector-postgresql (LoopBack) where improper input validation of the `contains` filter allows SQL injection when interpreted by the PostgreSQL connector. A patch was released in loopback-connector-postgresql v5.5.1 to fix this. Impacts include cases where...

10 CVSS | 9.8 AI score | 0.00192 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/08/12 10:25 p.m., 18 views

CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

9.3 CVSS | 10 AI score | 0.00192 EPSS
Exploits: 0 | References: 2

OSV
added 2022/08/11 9:13 p.m., 27 views

GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. Impact: When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

9.3 CVSS | 9.6 AI score | 0.00192 EPSS
Exploits: 0 | References: 4

CNNVD
added 2022/08/02 12:0 a.m., 1 views

npm heroku-env command injection vulnerability

npm heroku-env is a package from npm USA. It is used to parse DATABASE_URL from heroku configurations and split it into PG environment variables used by psql, pg_dump, pg_restore and node-postgres. A command injection vulnerability exists in all versions of heroku-env, which stems from the presence of...

9.8 CVSS | 8.3 AI score | 0.00513 EPSS
Exploits: 1 | References: 2

Fedora
added 2022/07/30 1:55 a.m., 39 views

[SECURITY] Fedora 36 Update: golang-github-boltdb-bolt-1.3.1-16.fc36

Bolt is a pure Go key/value store inspired by Howard Chu's LMDB project. The goal of the project is to provide a simple, fast, and reliable database for projects that don't require a full database server such as Postgres or MySQL. Since Bolt is meant to be used as such a low-level piece of...

9.3 CVSS | 8.8 AI score | 0.00963 EPSS
Exploits: 4

Tenable Nessus
added 2022/07/11 12:0 a.m., 50 views

Debian DSA-5179-1 : php7.4 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5179 advisory. Charles Fol discovered two security issues in PHP, a widely-used open source general purpose scripting language which could result in denial of service or...

8.8 CVSS | 8.8 AI score | 0.1024 EPSS
Exploits: 3 | References: 7

Tenable Nessus
added 2022/07/08 12:0 a.m., 50 views

Ubuntu 18.04 LTS : PHP regression (USN-5479-3)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5479-3 advisory. USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We...

8.1 CVSS | 8.1 AI score | 0.01479 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2022/07/08 12:0 a.m., 143 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2292-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like...

8.8 CVSS | 8.5 AI score | 0.1024 EPSS
Exploits: 5 | References: 10

Tenable Nessus
added 2022/07/08 12:0 a.m., 181 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2022:2303-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2303-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like...

8.8 CVSS | 8.5 AI score | 0.1024 EPSS
Exploits: 5 | References: 10

OpenVAS
added 2022/07/07 12:0 a.m., 22 views

openSUSE: Security Advisory for php7 (SUSE-SU-2022:2292-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 7.7 AI score | 0.1024 EPSS
Exploits: 5 | References: 2

Tenable Nessus
added 2022/07/07 12:0 a.m., 49 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:2275-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2275-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

8.8 CVSS | 9.2 AI score | 0.1024 EPSS
Exploits: 3 | References: 7

OSV
added 2022/07/06 11:37 a.m., 5 views

SUSE-SU-2022:2303-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2021-21707: Fixed a special character that breaks path in xml parsing. bsc1193041 - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when...

8.8 CVSS | 7.5 AI score | 0.1024 EPSS
Exploits: 5 | References: 7

OpenVAS
added 2022/07/06 12:0 a.m., 14 views

openSUSE: Security Advisory for php7 (SUSE-SU-2022:2275-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 8.9 AI score | 0.1024 EPSS
Exploits: 3 | References: 2