50 matches found
Astra Linux - уязвимость в pgpool2
In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...
NewStart CGSL MAIN 6.06 (SP) : bind Multiple Vulnerabilities (NS-SA-2026-0006)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which...
EUVD-2012-3764
Malware in sbrugna...
EUVD-2023-1541
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2025-0228)
The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows...
[SECURITY] [DLA 3993-1] pgpool2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3993-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA December 12, 2024 https://wiki.debian.org/LTS -...
Debian dla-3993 : libpgpool-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3993 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3993-1 [email protected]...
ALPINE-CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
DEBIAN-CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
UBUNTU-CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
CVE-2024-45624
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
Pgpool-II vulnerable to information disclosure
Overview Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development...
PT-2024-31713 · Pgpool-Ii +2 · Pgpool-Ii +2
Name of the Vulnerable Software and Affected Versions: Pgpool-II versions up to 4.5.3 Description: Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved...
GHSA-VH6J-WV25-8QXR Flow Bugfix Releases for Entity Security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user like the company he belongs to, entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from...
Flow Bugfix Releases for Entity Security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user like the company he belongs to, entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from...
Information Disclosure
neos/flow is vulnerable to Information Disclosure. The vulnerability is due to entity security not properly integrating with the doctrine query cache, allowing users to reuse cached SQL queries built for other users based on their roles rather than their specific properties, potentially revealing...
GHSA-9CW3-J7WG-JWJ8 Neos Flow Information disclosure in entity security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user like the company he belongs to, entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from...
Fixed in ClickHouse v24.1, 2024-01-30
When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles...