1136 matches found
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
Hasura GraphQL Engine security vulnerability
Hasura GraphQL Engine is a very fast open-source GraphQL server from Hasura. A security vulnerability exists in Hasura GraphQL Engine versions prior to 2.15.2, which stems from incorrectly handling Postgres backend authorization in the Update Many API...
PT-2022-5790 · Pgjdbc +8 · Pgjdbc +8
Name of the Vulnerable Software and Affected Versions: pgjdbc versions prior to 4.5.0 Description: The issue is related to the implementation of the PreparedStatement.setText or PreparedStatement.setBytea methods in the PgJDBC driver, which can lead to the creation of temporary files that are...
Oracle Linux 9 : php (ELSA-2022-8197)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8197 advisory. 8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false 2104630 8.0.20-2 - fix patch41 not applied use system nikic/php-parser whe...
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2022:3997-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3997-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions...
php: Uninitialized array in pg_query_params() leading to RCE
A vulnerability was found in PHP due to an uninitialized array in the pg_query_params function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...
Oracle Linux 8 : php:8.0 (ELSA-2022-7624)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7624 advisory. libzip 1.7.3-1 - update to 1.7.3 php-pecl-apcu 5.1.20-1 - update to 5.1.20 php-pecl-rrd 2.0.3-1 - update to 2.0.3 php-pecl-xdebug3 3.1.2-1 - update to...
AlmaLinux 8 : php:8.0 (ALSA-2022:7624)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7624 advisory. php: Use after free due to php_filter_float failing for ints (CVE-2021-21708); php: Uninitialized array in pg_query_params leading to RCE (CVE-2022-31625). Tenable...
GHSA-FFWF-47X2-JPR8 Matrix-appservice-irc vulnerable to SQL injection via roomIds argument
A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is...
SQL injection
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 is able to...
PT-2022-24988 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1 Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to SQL injection. Upgrading to version 0.36.0 addresses thi...
matrix-appservice-irc security vulnerability
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2022-2582)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Improper access control
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Cloud Mobility for Dell EMC Storage security vulnerability
Cloud Mobility for Dell EMC Storage is a Dell USA feature that supports the transfer, storage and access of volume snapshot copies between compatible local Dell EMC storage devices and public cloud object storage. An access control error vulnerability exists in Cloud Mobility for Dell EMC Storage...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2022-2582)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...
AlmaLinux 8 : php:7.4 (ALSA-2022:6158)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6158 advisory. php: uninitialized array in pg_query_params leading to RCE (CVE-2022-31625). Tenable has extracted the preceding description block directly from the AlmaLinux security...