Medium: postgresql15

Issue Overview: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...

Important: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated...

ALSA-2023:5994 Important: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

Important: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

PaperCut NG < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut host’s file storage. This could exhaust system...

PaperCut MF < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut host’s file storage. This could exhaust system...

Ubuntu 18.04 ESM / 20.04 ESM : PostgreSQL JDBC Driver vulnerability (USN-5238-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5238-1 advisory. It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this...

Mozilla: SQL Injection on prod.oidc-proxy.prod.webservices.mozgcp.net via invite_code parameter - Mozilla social inscription

A SQL injection vulnerability was found in the invitecode parameter on prod.oidc-proxy.prod.webservices.mozgcp.net during Mozilla social inscription. Adding quotes to the parameter revealed the issue. A time-based blind payload confirmed the vulnerability, allowing arbitrary SQL queries. This cou...

Security Bulletin: Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)

Summary Postgresql JDBC as shipped with IBM Security Verify Access has addressed a vulnerability that could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to...

ROS-20231009-01

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

ROS-20231009-03

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

RLSA-2023:4527 Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

postgresql:12 security update

An update is available for module.pgaudit, postgresql, pgaudit, module.pgrepack, module.postgres-decoderbufs, pgrepack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

postgresql:13 security update

An update is available for module.pgaudit, postgresql, pgaudit, module.pgrepack, module.postgres-decoderbufs, pgrepack, module.postgresql, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2023:4535 Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 postgresql: Client memory disclosure...

Rocky Linux 8 : postgresql:13 (RLSA-2023:4527)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4527 advisory. - schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with...

Rocky Linux 8 : postgresql:12 (RLSA-2023:4535)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4535 advisory. - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certai...

Fedora: Security Advisory for pgadmin4 (FEDORA-2023-8cc61c8b14)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for pgadmin4 (FEDORA-2023-478aa17fa2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...