CVE-2022-4223
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
Path traversal
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to local information disclosure due to Postgresql JDBC (CVE-2022-41946)
Summary: The PostgreSQL JDBC driver is used by IBM Tivoli Netcool Impact as a part of its data source adapter connectivity. Vulnerability Details: CVEID: CVE-2022-41946. DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either...
FreeBSD : phpmyfaq -- multiple vulnerabilities (439f3f81-7a49-11ed-97ac-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 439f3f81-7a49-11ed-97ac-589cfc0f81b0 advisory. - phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backen...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backend; a stored cross-site scripting vulnerability in the category name; a stored cross-site scripting vulnerability in the admin logging; a stored cross-site scripting vulnerability in the FAQ title; a...
Intel Data Center Manager 4.1 SQL Injection Vulnerability
Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. 1...
Abusing JSON-Based SQL
Overview Modern databases, such as PostgreSQL, natively support JSON as data values that can be queried. This capability uses JSON-specific operators, including an operator to test for key presence. Imperva Threat Research has investigated these database native JSON operators and discovered...
Security Bulletin: Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management
Summary: Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management. Vulnerabilities include: PostgreSQL allowing remote authenticated attacker to execute arbitrary code on the system, Open JDK being vulnerable to a denial of service and allowing a remote...
The vulnerability in the implementation of PreparedStatement.setText() or PreparedStatement.setBytea() methods of the JDBC driver (PgJDBC) for connecting Java programs to PostgreSQL allows a hacker to exploit the protected information.
The vulnerability in the implementation of PreparedStatement.setText or PreparedStatement.setBytea methods of the PgJDBC driver for connecting Java programs to PostgreSQL lies in the use of insecure temporary files. Exploiting this vulnerability could allow an attacker to disclose sensitive...
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-2802)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for postgresql-jdbc (EulerOS-SA-2022-2803)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-2803)
According to the versions of the postgresql-jdbc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Ja...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2022-2802)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability...
Ubuntu: Security Advisory (USN-5765-1)
The remote host is missing an update for the...
USN-5765-1: PostgreSQL vulnerability
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
USN-5765-1 postgresql-9.5 vulnerability
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
Ubuntu 16.04 ESM : PostgreSQL vulnerability (USN-5765-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5765-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inje...