Lucene search

1136 matches found

Cvelist
added 2022/06/16 5:45 a.m., 25 views

CVE-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 | AI score 8.6 | EPSS 0.01479
Exploits: 1 | References: 7

AlpineLinux
added 2022/06/16 5:45 a.m., 45 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 | AI score 8.1 | EPSS 0.01479
Exploits: 1

Debian CVE
added 2022/06/16 5:45 a.m., 98 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 | AI score 7.6 | EPSS 0.01479
Exploits: 1

Tenable Nessus
added 2022/06/15 12:0 a.m., 53 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-5479-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5479-1 advisory. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remot...

CVSS 8.8 | AI score 8.9 | EPSS 0.1024
Exploits: 3 | References: 3

Tenable Nessus
added 2022/06/13 12:0 a.m., 43 views

Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2022-164-01)

The version of php installed on the remote host is prior to 7.4.30. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-164-01 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension,...

CVSS 8.8 | AI score 9.2 | EPSS 0.1024
Exploits: 3 | References: 2

OSV
added 2022/06/13 12:0 a.m., 1 views

UBUNTU-CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 | AI score 7.1 | EPSS 0.01479
Exploits: 1 | References: 5

UbuntuCve
added 2022/06/13 12:0 a.m., 35 views

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

CVSS 8.1 | AI score 7.1 | EPSS 0.01479
Exploits: 1 | References: 4

Tenable Nessus
added 2022/06/09 12:0 a.m., 958 views

PHP 8.1.x < 8.1.7 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.7 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

CVSS 8.8 | AI score 9.2 | EPSS 0.1024
Exploits: 3 | References: 5

Tenable Nessus
added 2022/06/09 12:0 a.m., 1316 views

PHP 7.4.x < 7.4.30 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 7.4.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 7.4.30 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplyi...

CVSS 8.8 | AI score 9.2 | EPSS 0.1024
Exploits: 3 | References: 5

Tenable Nessus
added 2022/06/09 12:0 a.m., 865 views

PHP 8.0.x < 8.0.20 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.20 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplyi...

CVSS 8.8 | AI score 9.2 | EPSS 0.1024
Exploits: 3 | References: 5

Rockylinux
added 2022/05/17 7:25 a.m., 10 views

new packages: postgres-decoderbufs

An update is available for postgres-decoderbufs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Roc...

AI score 2.2
Exploits: 0

Rockylinux
added 2022/05/10 8:3 a.m., 8 views

13 bug fix and enhancement update

An update is available for pgrepack, postgresql, pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on chang...

AI score 2
Exploits: 0

Rockylinux
added 2022/05/10 8:3 a.m., 5 views

12 bug fix and enhancement update

An update is available for pgrepack, postgresql, pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on chang...

AI score 2
Exploits: 0

Hacker One
added 2022/05/06 12:44 p.m., 4 views

UPchieve: Postgres Admin Username and Password in Plain text

Summary: Gitlab commit contains password in plain text Steps To Reproduce: Navigate to https://gitlab.com/upchieve/subway/-/commit/e0e039496321c9d62a591504d387589224660a5c Supporting Material/References: Recommendations for Fixing/Mitigation Do not disclose passwords in gitlab. Implement a check...

AI score 7
Exploits: 0

OSV
added 2022/04/25 2:43 p.m., 9 views

SUSE-SU-2022:1397-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: c3p0: - Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19 Address CVE-2018-20433 Address CVE-2019-5427 - XML-config parsing related attacks bsc1133198 Properly implement the JDBC 4.1 abort method grafana-formula: - Version 0.7.0 Add SLES 15 SP4...

CVSS 9.8 | AI score 8.8 | EPSS 0.05651
Exploits: 1 | References: 36

Kitploit
added 2022/04/16 9:30 p.m., 76 views

Kraken - A Multi-Platform Distributed Brute-Force Password Cracking System

Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolera...

AI score 7.6
Exploits: 0 | References: 4

Kitploit
added 2022/03/18 8:30 p.m., 18 views

S1EM - This Project Is A SIEM With SIRP And Threat Intel, All In One

Today, cyber attacks are more numerous and cause damage in companies. Nevertheless, many software products exist to detect cyber threats. The S1EM solution is based on the principle of bringing together the best products in their field, free of charge, and making them quickly interoperable. S1EM ...

AI score 7.4
Exploits: 0 | References: 34

RedhatCVE
added 2022/03/14 9:42 p.m., 130 views

CVE-2022-26520

A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...

CVSS 9.8 | AI score 3.3 | EPSS 0.01277
Exploits: 0 | References: 3

NVD
added 2022/03/12 12:15 a.m., 17 views

CVE-2022-24760

Parse Server is an open source HTTP web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

CVSS 10 | EPSS 0.75565
Exploits: 1 | References: 3

Prion
added 2022/03/12 12:15 a.m., 21 views

Default configuration

Parse Server is an open source HTTP web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

CVSS 7.5 | AI score 9.5 | EPSS 0.75565
Exploits: 1 | References: 3 | Affected software: 1