13198 matches found
CVE-2023-28630
CVE-2023-28630 affects GoCD versions 20.5.0 through 23.1.0. When backups are enabled but the server cannot access the required backup binaries (pg_dump for PostgreSQL or mysqldump for MySQL), a failure to launch the backup utility can leak the plaintext database password in admin alerts. The flaw...
CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
PT-2023-21862 · H2 +2 · H2 +3
Name of the Vulnerable Software and Affected Versions: GoCD versions 20.5.0 through 23.1.0 Description: The issue arises when the server environment is not correctly configured to provide access to the relevant PostgreSQL or MySQL backup tools, potentially leaking database access credentials to...
Upgrade Postgres for CVE-2022-41946
Issue Summary: The version of PostgreSQL bundled in Bitbucket is affected by CVE-2022-41946 (https://nvd.nist.gov/vuln/detail/CVE-2022-41946) as described below: "pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either...
USN-5906-1: PostgreSQL vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Jacob Champion discovered that the PostgreSQL client incorrectly handled Kerberos authentication. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could...
CVE-2023-28424
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
SQL injection
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
CVE-2023-28424
CVE-2023-28424 concerns Gentoo Soko, a Go module powering packages.gentoo.org. The vulnerability affects the package search handlers in Go code (pkg/app/handler/packages/search.go) prior to version 1.0.2, where the parameter q enabled a SQL injection. This allowed unauthenticated attackers to run...
CVE-2023-28424 Soko SQL Injection vulnerability
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
How to Migrate Veeam Backup Enterprise Manager's Database from Microsoft SQL to PostgreSQL
Purpose: This article documents the migration of the Veeam Backup Enterprise Manager configuration database from Microsoft SQL to PostgreSQL. Notes: The migration process is one-way only. Migration can only be performed from Microsoft SQL to PostgreSQL. Note: Starting in Veeam...
SUSE-SU-2023:0705-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Update to 14.7: - CVE-2022-41862: Fixed memory leak in libpq bsc1208102...
Important: Red Hat Security Advisory: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update
Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scori...
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected...
Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases
It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgreSQL. This flaw allows an attacker to benefit from a missing escaping of a character and leads to a SQL injection attack due to the java.sql.ResultSet.refreshRow implementation from PGSQL...
Debian: Security Advisory (DLA-1642)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DLA-152)
Debian: Security Advisory (DLA-252)