Tag

#sql

Gentoo Linux Security Advisory 202408-24

Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.

Packet Storm

Garden Gate 2.6 SQL Injection

Garden Gate version 2.6 suffers from a remote SQL injection vulnerability.

Debian Security Advisory 5746-1

Debian Linux Security Advisory 5746-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

Debian Security Advisory 5745-1

Debian Linux Security Advisory 5745-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

Gentoo Linux Security Advisory 202408-15

Gentoo Linux Security Advisory 202408-15 - Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 8.0.29.22 are affected.

Farmacia Gama 1.0 File Inclusion

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

GHSA-p6w9-r443-r752: Shopware vulnerable to blind SQL-injection in DAL aggregations

### Impact

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using SQL parameters.

### Patches

Update to Shopware 6.6.5.1 or 6.5.8.13.

### Workarounds

For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

### Credit

[LogicalTrust](https://logicaltrust.net)