Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

GHSA-m6jm-3v38-76j4: Apache Superset: Improper Neutralization of custom SQL on embedded context

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

ghsa
#sql#vulnerability#apache#git
GHSA-h7r6-8qmm-hj5r: Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

GHSA-xxf8-fpmr-fw7v: Subrion CMS vulnerable to SQL Injection

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.

Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

Hospital Management System version 1.0 suffers from insecure direct object reference and account takeover vulnerabilities.

Hospital Management System 1.0 SQL Injection

Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability.

Ubuntu Security Notice USN-6656-1

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.