dagster-dbt (>=0.19.3 <=0.20.4), dagster-ext (>=0.0.1a11 <=0.1.0) +8 more potentially affected by unknown CVE via dbt-core (>=1.6.0 <=1.6.12)

dbt-core PYPI version =1.6.0, =0.19.3, =0.0.1a11, =1.6.0b1, =0.1.0, =0.0.1, =1.6.0, =1.3.0, =1.6.0, =0.200.0.dev5, =0.200.0.dev14 Source cves: unknown CVE Source advisory: OSV:GHSA-P72Q-H37J-3HQ7...

Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a...

postgresql:15 security update

An update is available for postgres-decoderbufs, pgaudit, module.pgaudit, module.postgres-decoderbufs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL...

postgresql:13 security update

An update is available for postgres-decoderbufs, postgresql, pgrepack, module.postgresql, module.postgres-decoderbufs, pgaudit, module.pgrepack, module.pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Ubuntu 16.04 LTS : PostgreSQL vulnerability (USN-6656-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6656-2 advisory. USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS Tenable has extracted the preceding...

BIT-PHP-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

BIT-PARSE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

Security Advisory 0093

Security Advisory 0093 . CSAF PDF Date: February 28, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 28, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-27889 CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-89:...

postgresql:12 security update

pgaudit 1.4.0-7 - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pgrepack postgres-decoderbufs postgresql 12.18-1.0.1 - Update to version 12.18 - Fixes CVE-2024-0985...

postgresql:15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.6-1 - update to 15.6 - Fixes CVE-2024-0985...

postgresql:15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.6-1 - update to 15.6 - Fixes CVE-2024-0985...

Important: postgresql

Issue Overview: Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirm...

postgresql:15 security update

pgaudit 1.7.0-1 - Update to 1.7.0 - Support postgresql 15 - Related: 2128241 1.5.0-1 - Update to version 1.5.0 Related: 1855776 pgrepack 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 2128241 1.4.6-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688...

postgresql:12 security update

pgaudit pgrepack postgres-decoderbufs postgresql...

postgresql:15 security update

pgaudit pgrepack postgres-decoderbufs postgresql 15.5-1 - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 Resolves: RHEL-16100, RHEL-16124, RHEL-16139...

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...