Sql injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

CVE-2022-45786

CVE-2022-45786 documents a SQL injection in Apache AGE when using the Golang and Python drivers with PostgreSQL 11/12 (up to AGE 1.1.0). Root cause: the cypher() placeholder could not be parameterized, and driver parameterization was insufficient, enabling injections. Mitigation: upgrade the Gola...

Apache AGE SQL注入漏洞

Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graphical database functionality. An SQL injection vulnerability exists in the Apache AGE driver, which stems from an inability to parameterize passed values, leading to SQL injection...

Fedora: Security Advisory for pgadmin4 (FEDORA-2023-0334c6000a)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: pgadmin4-6.19-1.fc36

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PostgreSQL

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of PostgreSQL. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created...

[SECURITY] Fedora 37 Update: pgadmin4-6.19-1.fc37

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

Fedora: Security Advisory for pgadmin4 (FEDORA-2023-e7297a4aeb)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ubuntu: Security Advisory (USN-5238-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-44566

A flaw was found in the rubygem-activerecord. RubyGem's ActiveRecord is vulnerable to a denial of service caused by a flaw in the PostgreSQL adapter. By sending a specially-crafted request, a remote attacker can cause a slow sequential scan, resulting in a denial of service...

DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts

DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...

AlmaLinux 9 : postgresql-jdbc (ALSA-2023:0318)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:0318 advisory. - PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC...

Denial Of Service (DoS)

activerecord is vulnerable to Denial of Service DoS. The vulnerability exists in the PostgreSQL::Quoting function because values above a 64bit signed interger get treated as numeric which allows an attacker to cause an application crash...

JVN#01398015: pgAdmin 4 vulnerable to directory traversal

PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Impact A user of the product may change another user's settings or alter the database. Solution Update the Software Update the software to the latest version according to the information provided by the...

Medium: postgresql96

Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...

Medium: postgresql94

Issue Overview: When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and...

pgAdmin 路径遍历漏洞

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin versions prior to 4 v6.19. An attacker could exploit the vulnerability to change other users' settings or alter the database...