Low: Red Hat Security Advisory: RHACS 3.73 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud securi...
PostgreSQL JDBC Driver Installed
Binary data postgresqljdbcdriver.nbin...
PostgreSQL JDBC Driver 42.2.x < 42.2.27 / 42.3.x < 42.3.8 / 42.4.x < 42.4.3 / 42.5.x < 42.5.1 Information Disclosure
The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8, 42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability. SQL queries using prepared statements that total more than...
ManageEngine ServiceDesk Plus MSP < 10.6 Build 10609 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 10.6 Build 10609. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...
ManageEngine ServiceDesk Plus < 14.0 Build 14001 Multiple Vulnerabilities
The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14001. It is, therefore, affected by multiple vulnerabilities, including the following: - An XML external entity (XXE) vulnerability due to a flaw in the Analytics Plus integration. Threat actors with adm...
ManageEngine AssetExplorer < 6.9 Build 6981 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine AssetExplorer prior to 6.9 Build 6981. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation mechanism...
ManageEngine SupportCenter Plus < 11.0 Build 11025 Privilege Escalation
A privilege escalation vulnerability exists in ManageEngine SupportCenter Plus prior to 11.0 Build 11025. This vulnerability allows an adversary to access restricted data in the Postgres database setup by using a specific PostgreSQL function in the query, which enables bypassing the validation...
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote authenticated attacker to execute arbitrary code on the system due to PostgreSQL (CVE-2022-2625)
Summary: IBM Sterling Connect:Direct Web Services has addressed an applicable issue from PostgreSQL. Vulnerability Details: CVEID: CVE-2022-2625. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in PostgreSQL. This flaw allows an attacker to benefit from a missing escape character and leads to a SQL injection attack due to the java.sql.ResultSet.refreshRow() implementation from PGSQL...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
PostgreSQL JDBC Driver Information Disclosure Vulnerability
PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java (Type 4) for communication in the PostgreSQL native network protocol. An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...
Information Disclosure
PostgreSQL JDBC Driver is vulnerable to Information Disclosure. The vulnerability exists due to the StreamWrapper parameterized constructor in StreamWrapper.java creating a temporary file if the InputStream is larger than 51200 bytes which allows an attacker to read the file due to incorrect file...
Information disclosure
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
CVE-2022-41932 Creation of new database tables through login form on PostgreSQL
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...
PostgreSQL JDBC Driver Security Vulnerability
PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java (Type 4) for communication in the PostgreSQL native network protocol. An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...
CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
CVE-2022-41946
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
Creation of new database tables through login form on PostgreSQL
Impact: It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. Patches: The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Workarounds: The only workarounds for this are: use an authenticator which does...