postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected...
Moderate: Red Hat Security Advisory: Red Hat Virtualization security and bug fix update
An update for ovirt-ansible-collection, ovirt-engine, and postgresql-jdbc is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this...
PostgreSQL Security Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which is caused by a...
SUSE: Security Advisory (SUSE-SU-2023:0392-1)
The remote host is missing an update for the...
Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities
Summary: The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site...
SUSE-SU-2023:0393-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102)...
SUSE-SU-2023:0392-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Update to 14.7: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102)...
SUSE-SU-2023:0390-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Update to 12.14: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102)...
Information Disclosure
PostgreSQL is vulnerable to Information Disclosure. The vulnerability exists because a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption, where a libpq caller makes that message accessible to the attacker...
Debian: Security Advisory (DLA-3316-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3316-1] postgresql-11 security update
Debian LTS Advisory DLA-3316-1. https://www.debian.org/lts/security/ Roberto C. Sánchez, February 10, 2023. https://wiki.debian.org/LTS Package: postgresql-11; Version: 11.19-0+deb10u1; CVE ID: CVE-2022-41862. Jacob Champion discovered that libpq can leak memory contents...
CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
PostgreSQL 12.x < 12.14, 13.x < 13.10, 14.x < 14.7, 15.x < 15.2 Information Disclosure Vulnerability - Windows
PostgreSQL is prone to an information disclosure vulnerability.
PostgreSQL 12.x < 12.14, 13.x < 13.10, 14.x < 14.7, 15.x < 15.2 Information Disclosure Vulnerability - Linux
PostgreSQL is prone to an information disclosure vulnerability.
Debian dla-3316 : libecpg-compat3 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3316 advisory. Debian LTS Advisory DLA-3316-1. https://www.debian.org/lts/security/...
DLA-3316-1 postgresql-11 - security update
Bulletin has no description...
UBUNTU-CVE-2022-41862
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
DEBIAN-CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...