592 matches found
CLSA-2025-1754411479 Fix CVE(s): CVE-2025-48384
SECURITY UPDATE: security vulnerability - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintended stripping of CR - CVE-2025-48384...
RLSA-2025:3082 Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...
CLSA-2025-1752683103 git: Fix of CVE-2025-48384
CVE-2025-48384: config: quote values containing CR character...
CLSA-2025-1752655315 git: Fix of CVE-2025-48384
CVE-2025-48384: config: quote values containing CR character...
CLSA-2025-1752655539 git: Fix of CVE-2025-48384
CVE-2025-48384: config: quote values containing CR character...
AZL-65124 CVE-2025-1735 affecting package php for versions less than 8.1.33-1
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
BIT-GIT-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
SUSE CVE-2025-1735
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
Multiple vulnerabilities detected in PostgreSQL
Multiple PostgreSQL vulnerability updates CVE-2025-1094-PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2024-10979-PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10978-PostgreSQL SET ROLE, SET SESSION AUTHORIZATI...
postgresql security update
9.2.24-9.0.5 - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain - libpq functions Orabug: 37843176...
CLSA-2025-1748638245 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
Amazon Linux 2 : postgresql (ALAS-2025-2866)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2866 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, an...
Important: postgresql
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...
CVE-2021-2268
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite component: Courseware. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks of th...
CVE-2020-11632
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges...
CLSA-2025-1747854434 Fix CVE(s): CVE-2024-9287
SECURITY UPDATE: Path names provided when creating a virtual environment were not quoted properly - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...
RLSA-2025:1739 Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...
RLSA-2025:1740 Important: postgresql:16 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...