SUSE: Security Advisory (SUSE-SU-2022:2275-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:2275-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...

Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5479-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5479-2 advisory. USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding...

TypeORM SQL Injection Vulnerability

typeorm CVE-2022-33171 findOneid, findOneOrFailid The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to S...

SUSE SLES12 Security Update : php72 (SUSE-SU-2022:2183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2183-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

SUSE: Security Advisory (SUSE-SU-2022:2183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:2185-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2185-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

SUSE-SU-2022:2185-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...

SUSE-SU-2022:2183-1 Security update for php72

This update for php72 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...

OESA-2022-1721 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

SUSE SLES12 Security Update : php74 (SUSE-SU-2022:2161-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2161-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

SUSE-SU-2022:2161-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...

Malicious code in realm-postgres-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware daf91dad400c5ac4549be339b95e4daf9f243e91e319647ba513b0e799302fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5706 Malicious code in realm-postgres-adapters (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware daf91dad400c5ac4549be339b95e4daf9f243e91e319647ba513b0e799302fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE-SU-2022:2143-1 Recommended update for SUSE Manager 4.1.15 Release Notes

This update for SUSE Manager 4.1.15 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.1.15 Salt has been upgraded to 3004 version Grafana has been upgraded to 8.3.5 Postgres exporter has been upgraded to 0.10.0 Alertmanager has been upgraded to 0.23.0...

CVE-2022-31625

A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

Denial of service

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVE-2022-31625

The CVE-2022-31625 issue affects PHP when using the Postgres extension: supplying invalid parameters to parameterized queries can cause PHP to free memory using uninitialized data as pointers, leading to potential remote code execution or denial of service. Affected versions are PHP 7.4.x before ...