Security
Headlines
HeadlinesLatestCVEs

Tag

#postgres

Environment-as-a-Service, part 4: External resources and dynamic credentials

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

Red Hat Blog
Open in Source
#sql#red_hat#js#git#kubernetes#perl#aws#auth#postgres#ssl
GHSA-xfg6-62px-cxc2: SQL injection in pgjdbc

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

Debian Security Advisory 5623-1

Debian Linux Security Advisory 5623-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

Debian Security Advisory 5622-1

Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Without Limits or Throttling, Improper Authentication, Inefficient Regular Expression Complexity, Excessive Iteration, HTTP Request/Response Smuggling, Injection, Path Traversal, Race Condition, Improper Certificate Validation, Off-by-one Error, Missing Authorization, Use of Insufficiently Random Values, Buffer Underflow, Incorrect Per...

GHSA-8pjx-jj86-j47p: Grafana path traversal

Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: - [Download Grafana 8.3.1](https://grafana.com/grafana/download/8.3.1) - [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-1/) Release v8.2.7, only containing a security fix: - [Download Grafana 8.2.7](https://grafana.com/grafana/download/8.2.7) - [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-2-7/) Release v8.1.8, only containing a security fix: - [Download Grafana 8.1.8](https://grafana.com/grafana/download/8.1.8) - [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-8/) Release v8.0.7, only containing a security fix: - [Download Grafana 8.0.7](https://grafana.com/grafana/download/8.0.7) - [Release notes](https://grafana.com/docs/grafana/lat...

Red Hat Security Advisory 2024-0337-03

Red Hat Security Advisory 2024-0337-03 - Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images includes security fixes.

Red Hat Security Advisory 2024-0332-03

Red Hat Security Advisory 2024-0332-03 - Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images includes security fixes.

Red Hat Security Advisory 2024-0304-03

Red Hat Security Advisory 2024-0304-03 - Updated images are now available for Red Hat Advanced Cluster Security 3.74. The updated images includes bug and security fixes.

Ubuntu Security Notice USN-6538-2

Ubuntu Security Notice 6538-2 - USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.