13255 matches found
CVE-2024-24213
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...
PT-2024-20318 · Supabase · Supabase Postgresql
Name of the Vulnerable Software and Affected Versions: Supabase PostgreSQL version 15.1 Description: A SQL injection issue was discovered via the component /pgmeta/default/query. However, the vendor's position is that this is an intended feature, existing in the Supabase dashboard product for...
PostgreSQL 12.x < 12.18, 13.x < 13.14, 14.x < 14.11, 15.x < 15.6, 16.x < 16.1 Privilege Escalation Vulnerability - Linux
PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PostgreSQL 12.x < 12.18, 13.x < 13.14, 14.x < 14.11, 15.x < 15.6, 16.x < 16.1 Privilege Escalation Vulnerability - Windows
PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with th...
PT-2024-1568 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.2 PostgreSQL versions prior to 15.6 PostgreSQL versions prior to 14.11 PostgreSQL versions prior to 13.14 PostgreSQL versions prior to 12.18 Description: The issue is related to a late privilege drop in the...
Design/Logic Flaw
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...
CVE-2024-24574
CVE-2024-24574 affects phpMyFAQ; unsafe echo of the filename in phpMyFAQ/phpmyfaq/admin/attachments.php enables a stored XSS (client-side JavaScript execution). The vulnerability has been patched in version 3.2.5. Affected description and references from multiple sources (NVD, Red Hat, GHSA) conf...
CVE-2024-24574 phpMyFAQ vulnerable to stored XSS on attachments filename
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...
CVE-2024-22208
CVE-2024-22208 affects phpMyFAQ, where the front-end sharing feature allows unauthenticated users to email multiple recipients (the UI supports 5 addresses) and, due to backend lack of enforcement, can be abused to send thousands of phishing emails via the app’s mail server. The issue stems from ...
CVE-2024-22202
phpMyFAQ contains a vulnerability in the user removal page that lets an attacker spoof another user’s details and trigger phishing-style account deletion emails to administrators. The issue arises because the front-end does not enforce data integrity on the removal request, enabling an attacker (...
CVE-2024-22202 User Removal Page Allows Spoofing Of User Details
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn'...
SSPI Authentication Errors
Challenge: In Veeam Backup & Replication, when installing updates, restoring configuration, or directly interacting with the database (e.g., using pgAdmin), the following error occurs: "SSPI authentication failed for user". In Veeam ONE, when upgrading to Veeam ONE v13, the following error may occur:...
RHEL 8 : postgresql:10 (RHSA-2023:7786)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7786 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflow in arra...
RHEL 8 : postgresql:15 (RHSA-2023:7883)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7883 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflo...
RHEL 8 : postgresql:12 (RHSA-2023:7656)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7656 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflo...
RHEL 8 : postgresql:13 (RHSA-2023:7579)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7579 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: Buffer overrun from integer overflo...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2024-007)
The version of postgresql installed on the remote host is prior to 12.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2024-007 advisory. Certain aggregate function calls receiving unknown-type arguments could disclose bytes of server memory from...
Amazon Linux 2 : libpq (ALASPOSTGRESQL14-2024-005)
The version of libpq installed on the remote host is prior to 14.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-005 advisory. 2024-06-06: CVE-2023-5869 was removed from this advisory. 2024-06-06: The severity of this advisory was modified from...