Dataprobe Trust Management Issue Vulnerability
Dataprobe is a line of intelligent power switches and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from the use of hard-coded credentials to interact with the internal...
postgresql:13 security update
pgaudit pgrepack postgres-decoderbufs postgresql 13.11-1.0.1 - Update to 13.11 - Resolves: 2212815 - Update postgresql-setup to 8.7 https://github.com/devexp-db/postgresql-setup/pull/35 - Resolves: 2207933 - Update 1001-Fixed-postgresql-service-network-binding-issue.patch for postgresql-setup...
postgresql:12 security update
pgaudit pgrepack postgres-decoderbufs postgresql 12.15-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35103668 12.15-1 - Update postgresql-setup to 8.7 https://github.com/devexp-db/postgresql-setup/pull/35 - Resolves: 2207932 - Update to version 12.15...
postgresql:15 security update
An update is available for postgres-decoderbufs, pgaudit, module.pgaudit, module.postgres-decoderbufs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL...
15 security update
pgaudit pgrepack postgres-decoderbufs postgresql 15.3-1 - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: 2214875...
TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign
As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave...
Mattermost Resource Management Error Vulnerability (CNVD-2023-55045)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to properly truncate postgres error log messages for failed search queries, which can be exploited by an...
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
CVE-2023-2785
Mattermost contains a vulnerability (CVE-2023-2785) where failure to properly truncate PostgreSQL log messages for failed search queries can allow an attacker to generate large log files, potentially leading to Denial of Service. Affected software is Mattermost; the root cause is truncation of er...
CVE-2023-2785 Specially crafted search query can cause large log entries in postgres
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
rudder-server SQL Injection Vulnerability
rudder-server is an open source niche-focused privacy and security alternative from RudderStack. A SQL injection vulnerability exists in versions prior to rudder-server 1.3.0-rc.1 that stems from the rudder role in PostgreSQL having superuser privileges by default, which can lead to remote code...
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Overview: Affected versions of this package are vulnerable to Improper Enforcement of Message Integrity During Transmission in a Communication Channel. When connecting to servers with TLS enabled, a man-in-the-middle attacker can inject false responses to the client's first few queries...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
Code injection
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 stores unredacted passwords in logs when optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, despite redaction being configured via edb_filter_log.redact_password_commands. Affected versions and fixed targets are: 10.x bef...
EnterpriseDB EDB Postgres Advanced Server Security Vulnerability
EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unredacted password being logged when the optional parameter is used...