
13233 matches found

Tenable Nessus
added 2023/11/06 12:0 a.m. | 37 views

Rocky Linux 8 : postgresql:12 (RLSA-2021:5235)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5235 advisory. - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker ca...

CVSS 8.1 | AI score 7.3 | EPSS 0.01901
Exploits: 0 | References: 5

Tenable Nessus
added 2023/11/06 12:0 a.m. | 19 views

Rocky Linux 8 : postgresql:12 (RLSA-2022:4807)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4807 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

CVSS 8.8 | AI score 7.7 | EPSS 0.11726
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/06 12:0 a.m. | 30 views

Rocky Linux 8 : postgresql:13 (RLSA-2022:4855)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4855 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

CVSS 8.8 | AI score 7.7 | EPSS 0.11726
Exploits: 0 | References: 3

OpenVAS
added 2023/11/05 12:0 a.m. | 18 views

Fedora: Security Advisory (FEDORA-2023-735ee6d4e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.3 | EPSS 0.70879
Exploits: 2 | References: 6

Fedora
added 2023/11/03 6:58 p.m. | 25 views

[SECURITY] Fedora 39 Update: roundcubemail-1.6.4-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 6.1 | AI score 7.2 | EPSS 0.70879
Exploits: 2

Debian
added 2023/11/03 8:21 a.m. | 14 views

[SECURITY] [DLA 3644-1] phppgadmin security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3644-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 03, 2023 https://wiki.debian.org/LTS -...

CVSS 9.8 | AI score 9.8 | EPSS 0.01097
Exploits: 0

OpenVAS
added 2023/11/03 12:0 a.m. | 6 views

Debian: Security Advisory (DLA-3644-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.01097
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/01 12:0 a.m. | 35 views

Puppet Enterprise < 2019.8.8 / 2021.x < 2021.3 PostgreSQL Vulnerability

For more information about this vulnerability, refer to the security announcements for CVE-2021-3677 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugi...

CVSS 6.5 | AI score 7.1 | EPSS 0.01425
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/01 12:0 a.m. | 26 views

Puppet Enterprise < 2019.8.6 PostgreSQL Vulnerabilities

For more information about these vulnerabilities, refer to the Postgresql News Page. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...

CVSS 4.3 | AI score 5.2 | EPSS 0.01466
Exploits: 2 | References: 3

Tenable Nessus
added 2023/11/01 12:0 a.m. | 32 views

Puppet Enterprise < 2018.1.17 / 2019.x < 2019.8.3 PostgreSQL Vulnerabilities

For more information about the vulnerabilities, refer to the Postgresql News Page. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...

CVSS 7.3 | AI score 7.3 | EPSS 0.02235
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/01 12:0 a.m. | 25 views

Puppet Enterprise < 2018.1.18 / 2019.x < 2019.8.4 PostgreSQL Vulnerabilities

For more information about the vulnerabilities, refer to the Postgresql News Page. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin were extracted...

CVSS 8.8 | AI score 6.7 | EPSS 0.4644
Exploits: 0 | References: 4

SUSE CVE
added 2023/10/31 2:40 a.m. | 3 views

SUSE CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...

CVSS 6.5 | AI score 7 | EPSS 0.00541
Exploits: 0 | References: 2

NVD
added 2023/10/25 6:17 p.m. | 32 views

CVE-2023-46128

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

CVSS 6.5 | AI score 6.3 | EPSS 0.00529
Exploits: 1 | References: 3

OSV
added 2023/10/25 6:17 p.m. | 33 views

PYSEC-2023-220

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00529
Exploits: 1 | References: 3

Fedora
added 2023/10/25 1:36 a.m. | 8 views

[SECURITY] Fedora 38 Update: roundcubemail-1.6.4-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

AI score 7
Exploits: 0

Fedora
added 2023/10/25 1:24 a.m. | 13 views

[SECURITY] Fedora 37 Update: roundcubemail-1.6.4-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

AI score 7
Exploits: 0

Vulnrichment
added 2023/10/24 2:17 p.m. | 12 views

CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

CVSS 6.5 | AI score 6.3 | EPSS 0.00529
Exploits: 1 | References: 3

OSV
added 2023/10/24 2:17 p.m. | 37 views

CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

CVSS 6.5 | AI score 6.3 | EPSS 0.00529
Exploits: 1 | References: 5

Imperva Blog
added 2023/10/24 1:5 p.m. | 26 views

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on the database for known users and weak...

AI score 6.8
Exploits: 0

Amazon
added 2023/10/24 12:0 a.m. | 3 views

Medium: postgresql15

Issue Overview: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

CVSS 7.5 | AI score 6.9 | EPSS 0.01807
Exploits: 0