Photon OS 2.0: Postgresql PHSA-2019-2.0-0167

An update of the postgresql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0167. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Apache Superset vulnerable to improper SQL authorization

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

GHSA-2Q6J-VPVR-6PVJ Apache Superset vulnerable to improper SQL authorization

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

CVE-2024-39887 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

CVE-2024-39887 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2024-0985)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY. By persuading a victim...

[SECURITY] Fedora 39 Update: pgadmin4-7.8-7.fc39

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

CBL Mariner 2.0 Security Update: postgresql (CVE-2022-41862)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41862 advisory. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishme...

CBL Mariner 2.0 Security Update: postgresql (CVE-2023-2455)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2455 advisory. - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policie...

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37593)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37579)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

RHEL 7 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Memory disclosure in aggregate function calls CVE-2023-5868 - A flaw was found in PostgreSQL...

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37595)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37589)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37581)

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVE-2022-41862

...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

openSUSE Security Advisory (SUSE-SU-2024:2266-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerability in PostgreSQL affects IBM Storage Scale (CVE-2024-1597)

Summary PostgreSQL could allow a remote attacker to gain unauthorized access to the system which affects IBM Storage Scale GUI. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...

Advisory ROSA-SA-2024-2449

Software: postgresql 12.1 OS: ROSA Virtualization 2.1 packageevrstring: postgresql-12.1 CVE-ID: CVE-2020-1720 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability has been discovered in PostgreSQL "ALTER ... DEPENDS ON EXTENSION" where subcommands did not perform authorization checks. An...